5.5

CVE-2022-48804

vt_ioctl: fix array_index_nospec in vt_setactivate

In the Linux kernel, the following vulnerability has been resolved:

vt_ioctl: fix array_index_nospec in vt_setactivate

array_index_nospec ensures that an out-of-bounds value is set to zero
on the transient path. Decreasing the value by one afterwards causes
a transient integer underflow. vsa.console should be decreased first
and then sanitized with array_index_nospec.

Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh
Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU
Amsterdam.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.9.302
LinuxLinux Kernel Version >= 4.10 < 4.14.267
LinuxLinux Kernel Version >= 4.15 < 4.19.320
LinuxLinux Kernel Version >= 4.20 < 5.4.180
LinuxLinux Kernel Version >= 5.5 < 5.10.101
LinuxLinux Kernel Version >= 5.11 < 5.15.24
LinuxLinux Kernel Version >= 5.16 < 5.16.10
LinuxLinux Kernel Version5.17 Updaterc1
LinuxLinux Kernel Version5.17 Updaterc2
LinuxLinux Kernel Version5.17 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.22
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
Patch
https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
Patch
https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9
Patch
https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
Patch
https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
Patch
https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
Patch
https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
Patch
https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
Patch