Summaryinfo

A vulnerability categorized as problematic has been discovered in Linux Kernel. This vulnerability affects the function io_read of the file fs/io_uring.c of the component io_uring Module. Executing a manipulation can lead to out-of-bounds. This vulnerability appears as CVE-2022-1508. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability was found in Linux Kernel (Operating System) (affected version unknown). It has been declared as problematic. This vulnerability affects the function io_read of the file fs/io_uring.c of the component io_uring Module. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality. CVE summarizes:

An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.

The weakness was presented 08/31/2022. The advisory is shared for download at git.kernel.org. This vulnerability was named CVE-2022-1508 since 04/27/2022. There are known technical details, but no exploit is available.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion