#VU93004 Information disclosure in Linux kernel - CVE-2022-48629
Vulnerability identifier: #VU93004
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: before 4.19.236, 5.4.187, 5.10.108, 5.15.31, 5.16.17, 5.17, 4.19.236, 4.19.236, 4.19.236
External links
https://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d
https://git.kernel.org/stable/c/184f7bd08ce56f003530fc19f160d54e75bf5c9d
https://git.kernel.org/stable/c/0f9b7b8df17525e464294c916acc8194ce38446b
https://git.kernel.org/stable/c/ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd
https://git.kernel.org/stable/c/485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d
https://git.kernel.org/stable/c/a680b1832ced3b5fa7c93484248fd221ea0d614b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
