PT-2022-7469 · Linux+3 · Linux Kernel+3

Published

2022-02-14

Updated

2026-02-24

CVE-2022-48853

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to an information leak in the swiotlb component of the Linux kernel, which can occur when using DMA FROM DEVICE. The issue arises when a TEST UNIT READY command is issued via the SG IO interface, and the device does not read from the device, but the buffer is still prepared as if a DMA FROM DEVICE type of situation occurred. This can lead to the exposure of previous IO data. The swiotlb should be transparent and not affect the outcome, but in this case, it can cause an information leak.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2024-06611

CVE-2022-48853

OPENSUSE-SU-2024_2947-1

OPENSUSE-SU-2024_3249-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3225-1

SUSE-SU-2024:3249-1

SUSE-SU-2024:3499-1

SUSE-SU-2024:4367-1

SUSE-SU-2025:0035-1

SUSE-SU-2026:0263-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0350-1

SUSE-SU-2026:0369-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7469 · Linux+3 · Linux Kernel+3

CVE-2022-48853

Weakness Enumeration

Related Identifiers

Affected Products

References · 2433