PT-2022-7609 · Linux+3 · Linux Kernel+3

Jordy Zomer

Published

2022-02-01

Updated

2025-01-06

CVE-2022-48730

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a potential Spectre v1 gadget in the dma-buf heaps of the Linux kernel. The nr variable, supplied by a user and used as an array index, could allow an attacker to leak kernel memory contents to userspace via speculative execution. This can be prevented by using array index nospec.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-402CWE-203

Related Identifiers

BDU:2024-07399

CVE-2022-48730

OPENSUSE-SU-2024_2362-1

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2362-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7609 · Linux+3 · Linux Kernel+3

CVE-2022-48730

Weakness Enumeration

Related Identifiers

Affected Products

References · 1274