CVE-2022-49078

EPSS 0.07%
Veröffentlicht 26.02.2025 07:00:45
Zuletzt bearbeitet 25.03.2025 18:55:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

lz4: fix LZ4_decompress_safe_partial read out of bound

When partialDecoding, it is EOF if we've either filled the output buffer
or can't proceed with reading an offset for following match.

In some extreme corner cases when compressed data is suitably corrupted,
UAF will occur.  As reported by KASAN [1], LZ4_decompress_safe_partial
may lead to read out of bound problem during decoding.  lz4 upstream has
fixed it [2] and this issue has been disscussed here [3] before.

current decompression routine was ported from lz4 v1.8.3, bumping
lib/lz4 to v1.9.+ is certainly a huge work to be done later, so, we'd
better fix it first.

[1] https://lore.kernel.org/all/000000000000830d1205cf7f0477@google.com/
[2] https://github.com/lz4/lz4/commit/c5d6f8a8be3927c0bec91bcc58667a6cfad244ad#
[3] https://lore.kernel.org/all/CC666AE8-4CA4-4951-B6FB-A2EFDE3AC03B@fb.com/

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.189

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.111

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.34

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.20

Linux ≫ Linux Kernel Version >= 5.17 < 5.17.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.205

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/467d5e200ab4486b744fe1776154a43d1aa22d4b

Patch

https://git.kernel.org/stable/c/6adc01a7aa37445dafe8846faa0610a86029b253

Patch

https://git.kernel.org/stable/c/73953dfa9d50e5c9fe98ee13fd1d3427aa12a0a3

Patch

https://git.kernel.org/stable/c/9fb8bc6cfc58773ce95414e11c9ccc8fc6ac4927

Patch

https://git.kernel.org/stable/c/e64dbe97c05c769525cbca099ddbd22485630235

Patch

https://git.kernel.org/stable/c/eafc0a02391b7b36617b36c97c4b5d6832cf5e24

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49078

EUVD