CVE-2022-1508: Out-of-bounds Read in Kernel

CWE-125: Out-of-bounds Read | 8 documents | 7 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 0.1% (top 68.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 31
Latest update: Sep 1

Description

An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 1.8 | Impact: 4.2

Affected Packages (7 packages)

Source | Package | Affected versions
debian | debian/linux | < linux 5.15.3-1 (bookworm)
NVD | linux/linux_kernel | < 5.15
Debian | linux/linux_kernel | < 5.10.120-1+3
CVEListV5 | linux/linux_kernel | Not-Known.

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-mjrx-6f7j-qvf7: An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special paramet | 2022-09-01
OSV
CVE-2022-1508: An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special paramet | 2022-08-31

📋 Vendor Advisories (3)

Microsoft
An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some me | 2022-08-09
Debian
CVE-2022-1508: linux - An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in th... | 2022
Red Hat
kernel: out-of-bounds read in iov_iter_revert() in lib/iov_iter.c | 2021-08-23

🕵️ Threat Intelligence (2)

Talos
Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU | 2022-07-14
Talos
Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU | 2022-07-14