UBUNTU-CVE-2022-2308

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2022-2308
Published: 01 Sept 2022, 21:15
Last modified:22 Apr 2026, 13:18

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Sept 2022, 21:15
Published
Vulnerability first disclosed
22 Apr 2026, 13:18
Last Modified
Vulnerability information updated

Description

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Systems

  • ubuntulinux

    < 5.15.0-57.63

  • ubuntulinux-aws

    < 5.15.0-1027.31

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.11

    all

  • ubuntulinux-aws-5.13

    all

  • ubuntulinux-aws-5.15

    < 5.15.0-1027.31~20.04.1

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.8

    all

  • ubuntulinux-aws-6.2

    all

  • ubuntulinux-azure

    all | < 5.15.0-1030.37

  • ubuntulinux-azure-5.11

    all

  • ubuntulinux-azure-5.13

    all

  • ubuntulinux-azure-5.15

    < 5.15.0-1030.37~20.04.1

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.8

    all

  • ubuntulinux-azure-6.2

    all

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fde

    < 5.15.0-1030.37.1

  • ubuntulinux-azure-fde-5.15

    < 5.15.0-1030.37~20.04.1.1

  • ubuntulinux-azure-fde-6.2

    all

  • ubuntulinux-gcp

    all | < 5.15.0-1026.33

  • ubuntulinux-gcp-5.11

    all

  • ubuntulinux-gcp-5.13

    all

  • ubuntulinux-gcp-5.15

    < 5.15.0-1027.34~20.04.1

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-5.8

    all

  • ubuntulinux-gcp-6.2

    all

  • ubuntulinux-gke

    < 5.15.0-1024.29

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-gke-5.15

    < 5.15.0-1027.32~20.04.1

  • ubuntulinux-gke-5.4

    all

  • ubuntulinux-gkeop

    < 5.15.0-1012.16

  • ubuntulinux-gkeop-5.15

    < 5.15.0-1012.16~20.04.1

  • ubuntulinux-gkeop-5.4

    all

  • ubuntulinux-hwe

    all

  • ubuntulinux-hwe-5.11

    all

  • ubuntulinux-hwe-5.13

    all

  • ubuntulinux-hwe-5.15

    < 5.15.0-57.63~20.04.1

  • ubuntulinux-hwe-5.8

    all

  • ubuntulinux-hwe-edge

    all

  • ubuntulinux-ibm

    < 5.15.0-1022.25

  • ubuntulinux-intel-5.13

    all

  • ubuntulinux-intel-iot-realtime

    all

  • ubuntulinux-intel-iotg

    < 5.15.0-1023.28

  • ubuntulinux-intel-iotg-5.15

    < 5.15.0-1023.28~20.04.1

  • ubuntulinux-kvm

    < 5.15.0-1025.30

  • ubuntulinux-lowlatency

    < 5.15.0-57.63

  • ubuntulinux-lowlatency-hwe-5.15

    < 5.15.0-58.64~20.04.1

  • ubuntulinux-lowlatency-hwe-6.2

    all

  • ubuntulinux-nvidia

    < 5.15.0-1015.15

Showing first 50 affected entries in server-rendered view.

References (2)