SB20241022206 - Buffer overflow in Linux kernel udf

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2022-48946)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c
• https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f
• https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e
• https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226
• https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746
• https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7
• https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852
• https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf
• https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.85
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.1
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2