Lucene search

[email protected]CVE-2022-1462

HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-1462

2022-06-0214:15:00

CWE-362

[email protected]

web.nvd.nist.gov

199

linux kernel

teletype subsystem

cve-2022-1462

security flaw

out-of-bounds read

race condition

leakage of memory

ioctls

tiocsptlck

tiocgptpeer

tiocsti

tcxonc

nvd

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

6.3 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq-
redhat:enterprise_linuxredhat enterprise linuxeq8.0
redhat:enterprise_linuxredhat enterprise linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	-
redhat:enterprise_linux	redhat enterprise linux	eq	8.0
redhat:enterprise_linux	redhat enterprise linux	eq	9.0
debian:debian_linux	debian debian linux	eq	10.0