#VU99113 Information disclosure in Linux kernel - CVE-2022-49011

Vulnerability identifier: #VU99113

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49011

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/bb75a0d1223d43f97089841aecb28a9b4de687a9
https://git.kernel.org/stable/c/0dd1da5a15eeecb2fe4cf131b3216fb455af783c
https://git.kernel.org/stable/c/2f74cffc7c85f770b1b1833dccb03b8cde3be102
https://git.kernel.org/stable/c/ea5844f946b1ec5c0b7c115cd7684f34fd48021b
https://git.kernel.org/stable/c/c40db1e5f316792b557d2be37e447c20d9ac4635
https://git.kernel.org/stable/c/6e035d5a2a6b907cfce9a80c5f442c2e459cd34e
https://git.kernel.org/stable/c/f598da27acbeee414679cacd14294db3e273e3d2
https://git.kernel.org/stable/c/7dec14537c5906b8bf40fd6fd6d9c3850f8df11d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.