In the Linux kernel, the following vulnerability has been resolved:
audit: don’t deref the syscall args when checking the openat2
open_how::flags
As reported by Jeff, dereferencing the openat2 syscall argument in
audit_match_perm() to obtain the open_how::flags can result in an
oops/page-fault. This patch fixes this by using the open_how struct
that we store in the audit_context with audit_openat2_how().
Independent of this patch, Richard Guy Briggs posted a similar patch
to the audit mailing list roughly 40 minutes after this patch was
posted.
git.kernel.org/linus/7a82f89de92aac5a244d3735b2bd162c1147620c (5.17-rc4)
git.kernel.org/stable/c/310c9ddfdf1f8d3c9834f02175eae79c8b254b6c
git.kernel.org/stable/c/7a82f89de92aac5a244d3735b2bd162c1147620c
launchpad.net/bugs/cve/CVE-2022-48832
nvd.nist.gov/vuln/detail/CVE-2022-48832
security-tracker.debian.org/tracker/CVE-2022-48832
www.cve.org/CVERecord?id=CVE-2022-48832