CVE-2022-1462Race Condition in Kernel

CWE-362Race ConditionCWE-125Out-of-bounds Read16 documents10 sources
Severity
6.3MEDIUMNVD
OSV5.9
EPSS
0.0%
top 87.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxRedhat Enterprise Linux+1 more
Timeline
PublishedJun 2
Latest updateFeb 26

Description

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages4 packages

Debianlinux/linux_kernel< 5.10.136-1+3
Ubuntulinux/linux_kernel< 4.4.0-239.273
CVEListV5linux/linux_kernelno information yet
Palo Altopaloalto/pan-os

Also affects: Debian Linux 10.0, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

5
OSV
linux, linux-kvm, linux-lts-xenial vulnerabilities2023-04-12
OSV
linux-aws vulnerabilities2023-04-06
GHSA
GHSA-34x8-rwh3-j65f: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem2022-06-03
OSV
CVE-2022-1462: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem2022-06-02
CVEList
CVE-2022-1462: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem2022-05-31

📋Vendor Advisories

10
Red Hat
kernel: sfc: fix kernel panic when creating VF2025-02-26
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel2023-06-15
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-12
Ubuntu
Linux kernel vulnerabilities2023-04-12
CVE-2022-1462 — Race Condition in Linux Kernel | cvebase