Information disclosure in Linux kernel

#VU93004 Information disclosure in Linux kernel

Published: 2024-06-21

Vulnerability identifier: #VU93004

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48629

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d
http://git.kernel.org/stable/c/184f7bd08ce56f003530fc19f160d54e75bf5c9d
http://git.kernel.org/stable/c/0f9b7b8df17525e464294c916acc8194ce38446b
http://git.kernel.org/stable/c/ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd
http://git.kernel.org/stable/c/485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d
http://git.kernel.org/stable/c/a680b1832ced3b5fa7c93484248fd221ea0d614b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS update for kernel

Multiple vulnerabilities in Dell EMC VxRail Appliance

openEuler 20.03 LTS SP4 update for kernel

openEuler 20.03 LTS SP1 update for kernel