#VU99094 Buffer overflow in Linux kernel


Vulnerability identifier: #VU99094

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48946

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c
http://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f
http://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e
http://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226
http://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746
http://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7
http://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852
http://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf
http://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability