SB20240531238 - Out-of-bounds read in Linux kernel ipv6
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531238
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2022-48687)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/dc9dbd65c803af1607484fed5da50d41dc8dd864
- https://git.kernel.org/stable/c/f684c16971ed5e77dfa25a9ad25b5297e1f58eab
- https://git.kernel.org/stable/c/3df71e11a4773d775c3633c44319f7acdb89011c
- https://git.kernel.org/stable/c/076f2479fc5a15c4a970ca3b5e57d42ba09a31fa
- https://git.kernel.org/stable/c/55195563ec29f80f984237b743de0e2b6ba4d093
- https://git.kernel.org/stable/c/56ad3f475482bca55b0ae544031333018eb145b3
- https://git.kernel.org/stable/c/84a53580c5d2138c7361c7c3eea5b31827e63b35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.293
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.258
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.143
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.213
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0