CVE-2022-0494 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure CWE-908 — Use of Uninitialized Resource24 documents10 sources

Severity

4.4MEDIUMNVD

OSV5.9

EPSS

0.0%

top 93.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +7 more

Timeline

PublishedMar 25

Latest updateFeb 14

Description

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages12 packages

▶NVDlinux/linux_kernel< 5.17+1

▶Debianlinux/linux_kernel< 5.10.120-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-191.202+2

▶CVEListV5linux/linux_kernelkernel 5.17 rc5

▶msrcmsrc/cbl2_kernel_5.15.37.1-2_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

OSV

linux, linux-kvm, linux-lts-xenial vulnerabilities↗2023-04-12

▶

OSV

linux-aws vulnerabilities↗2023-04-06

▶

OSV

linux-azure-fde vulnerabilities↗2022-08-25

▶

OSV

linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2022-08-10

▶

OSV

linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities↗2022-08-10

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-06

▶

CISA ICS

Siemens SCALANCE, RUGGEDCOM Third-Party↗2023-03-16

▶

💬Community

Bugzilla

CVE-2007-2022 kdebase3 flash-player interaction problem↗2007-06-10

▶