[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248585

 
 

909

 
 

195621

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-40768Date: (C)2022-09-20   (M)2024-04-26


drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score :
Exploit Score: 1.8Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: NONE 
Availability: NONE 
  
Reference:
FEDORA-2022-1a5b125ac6
FEDORA-2022-2cfbe17910
FEDORA-2022-b948fc3cfb
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
http://www.openwall.com/lists/oss-security/2022/09/19/1
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c
https://lore.kernel.org/all/20220908145154.2284098-1-gregkh%40linuxfoundation.org/
https://www.openwall.com/lists/oss-security/2022/09/09/1

OVAL    45
oval:org.secpod.oval:def:707810
oval:org.secpod.oval:def:94905
oval:org.secpod.oval:def:707774
oval:org.secpod.oval:def:707813
...

© SecPod Technologies