CVE-2022-48804
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.02%• Percentile: 4%
Techniques & Countermeasures
- CWE-191•Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Affected Systems
- linux•linux
≥ 0ec459ec174031fad02a55e622cf2fc0d2e75a25, < 830c5aa302ec16b4ee641aec769462c37f802c90 | ≥ 4334a6ae867aa12f01c1755368fd0de4c926ac75, < 2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0 | ≥ e97267cb4d1ee01ca0929638ec0fcbb0904f903d, < 170325aba4608bde3e7d21c9c19b7bc266ac0885 | ≥ e97267cb4d1ee01ca0929638ec0fcbb0904f903d, < ae3d57411562260ee3f4fd5e875f410002341104 | ≥ e97267cb4d1ee01ca0929638ec0fcbb0904f903d, < 778302ca09498b448620edd372dc908bebf80bdf | ≥ e97267cb4d1ee01ca0929638ec0fcbb0904f903d, < ffe54289b02e9c732d6f04c8ebbe3b2d90d32118 | ≥ e97267cb4d1ee01ca0929638ec0fcbb0904f903d, < 6550bdf52846f85a2a3726a5aa0c7c4399f2fc02 | ≥ e97267cb4d1ee01ca0929638ec0fcbb0904f903d, < 61cc70d9e8ef5b042d4ed87994d20100ec8896d9 | 458697ab18b512445ac273ce68a9f8fd623fc0a3 | 1aa698b65186c13ed775896ed1dfec7c26c73d60 | 52ef74c21c277e50de771fc722d814a830b3036b | ≥ 4.9.130, < 4.9.302 | ≥ 4.14.73, < 4.14.267 | ≥ 3.16.62, < 3.17 | ≥ 4.4.159, < 4.5 | ≥ 4.18.11, < 4.19 | 4.19
- linux•linux_kernel
< 4.9.302 | ≥ 4.10, < 4.14.267 | ≥ 4.15, < 4.19.320 | ≥ 4.20, < 5.4.180 | ≥ 5.5, < 5.10.101 | ≥ 5.11, < 5.15.24 | ≥ 5.16, < 5.16.10 | 5.17:rc1 | 5.17:rc2 | 5.17:rc3
References (8)
- https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
- https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
- https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
- https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
- https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
- https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
- https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
- https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9