#VU90314 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90314

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48687

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an out-of-bounds read in the seg6_genl_sethmac() function in net/ipv6/seg6.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/dc9dbd65c803af1607484fed5da50d41dc8dd864
http://git.kernel.org/stable/c/f684c16971ed5e77dfa25a9ad25b5297e1f58eab
http://git.kernel.org/stable/c/3df71e11a4773d775c3633c44319f7acdb89011c
http://git.kernel.org/stable/c/076f2479fc5a15c4a970ca3b5e57d42ba09a31fa
http://git.kernel.org/stable/c/55195563ec29f80f984237b743de0e2b6ba4d093
http://git.kernel.org/stable/c/56ad3f475482bca55b0ae544031333018eb145b3
http://git.kernel.org/stable/c/84a53580c5d2138c7361c7c3eea5b31827e63b35


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

