CVE-2022-50531

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An information leak was identified in the Linux kernel related to the tipc topsrv kern subscr function. Specifically, an 8-byte write was not used to initialize the sub.usr handle variable, leaving four bytes uninitialized when issuing setsockopt calls with the SOL TIPC option. This resulted in an information leak, as reported by KMSAN, when a packet was received. The issue occurs during the processing of socket options and can lead to the exposure of data through copyout operations. The vulnerability is related to the tipc topsrv kern subscr() function and affects the handling of subscriptions within the TIPC (Transparent Inter-Process Communication) framework.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.