Lucene search

[email protected]CVE-2022-1462

HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-1462

2022-06-0214:15:32

CWE-362

[email protected]

web.nvd.nist.gov

207

linux kernel

teletype subsystem

cve-2022-1462

security flaw

out-of-bounds read

race condition

leakage of memory

ioctls

tiocsptlck

tiocgptpeer

tiocsti

tcxonc

nvd

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:N/A:P

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

Affected configurations

NVD

Node

linuxlinux_kernelMatch-

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

debiandebian_linuxMatch10.0

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	-

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "kernel",
    "versions": [
      {
        "version": "no information yet",
        "status": "affected"
      }
    ]
  }
]