Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-48832HistoryJul 16, 2024 - 12:15 p.m.
CVE-2022-48832
2024-07-1612:15:06
Debian Security Bug Tracker
security-tracker.debian.org
1
linux kernel
vulnerability
resolved
audit
syscall arguments
dereferencing
In the Linux kernel, the following vulnerability has been resolved: audit: don’t deref the syscall args when checking the openat2 open_how::flags As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how(). Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 5.16.10-1 | linux_5.16.10-1_all.deb |
| Debian | 11 | all | linux | < 5.10.223-1 | linux_5.10.223-1_all.deb |
| Debian | 999 | all | linux | < 5.16.10-1 | linux_5.16.10-1_all.deb |
| Debian | 13 | all | linux | < 5.16.10-1 | linux_5.16.10-1_all.deb |
Related
nvd
nvd
CVE-2022-48832
2024-07-16 12:15:06
cve
cve
CVE-2022-48832
2024-07-16 12:15:06
osv
osv
CVE-2022-48832
2024-07-16 12:15:06
cvelist
cvelist
redhatcve
redhatcve
CVE-2022-48832
2024-07-16 20:56:35
ubuntucve
ubuntucve
CVE-2022-48832
2024-07-16 00:00:00
vulnrichment
vulnrichment