5.5

CVE-2022-49643

ima: Fix a potential integer overflow in ima_appraise_measurement

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix a potential integer overflow in ima_appraise_measurement

When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be
negative, which may cause the integer overflow problem.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4 < 5.4.207
LinuxLinux Kernel Version >= 5.5 < 5.10.132
LinuxLinux Kernel Version >= 5.11 < 5.15.56
LinuxLinux Kernel Version >= 5.16 < 5.18.13
LinuxLinux Kernel Version5.19 Updaterc1
LinuxLinux Kernel Version5.19 Updaterc2
LinuxLinux Kernel Version5.19 Updaterc3
LinuxLinux Kernel Version5.19 Updaterc4
LinuxLinux Kernel Version5.19 Updaterc5
LinuxLinux Kernel Version5.19 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77
Patch
https://git.kernel.org/stable/c/640cea4c2839a821adfbb703b590a5928abe9286
Patch
https://git.kernel.org/stable/c/831e190175f10652be93b08436cc7bf2e62e4bb6
Patch
https://git.kernel.org/stable/c/c8d5d81940938b5f6c0f495ca9538e7740416f30
Patch
https://git.kernel.org/stable/c/d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999
Patch