7.1

CVE-2022-49852

riscv: process: fix kernel info leakage

In the Linux kernel, the following vulnerability has been resolved:

riscv: process: fix kernel info leakage

thread_struct's s[12] may contain random kernel memory content, which
may be finally leaked to userspace. This is a security hole. Fix it
by clearing the s[12] array in thread_struct when fork.

As for kthread case, it's better to clear the s[12] array as well.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15 < 4.19.267
LinuxLinux Kernel Version >= 4.20 < 5.4.225
LinuxLinux Kernel Version >= 5.5 < 5.10.155
LinuxLinux Kernel Version >= 5.11 < 5.15.79
LinuxLinux Kernel Version >= 5.16 < 6.0.9
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.067
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
Patch
https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
Patch
https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
Patch
https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
Patch
https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
Patch
https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b
Patch