CVE-2022-48423 — Out-of-bounds Write in Kernel

CWE-787 — Out-of-bounds Write16 documents7 sources

Severity

7.8HIGHNVD

OSV8.8OSV4.7

EPSS

0.0%

top 92.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.102.1-3 ON CBL Mariner 2.0 +2 more

Timeline

PublishedMar 19

Latest updateMay 22

Description

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDlinux/linux_kernel< 6.1.3

▶Debianlinux/linux_kernel< 6.1.4-1+2

▶Ubuntulinux/linux_kernel< 5.15.0-69.76

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.102.1-3_on_cbl_mariner_2.0

Patches

Patch: cdn.kernel.org ↗Patch: git.kernel.org ↗Patch: cdn.kernel.org ↗

🔴Vulnerability Details

OSV

linux-gcp, linux-hwe-5.19 vulnerabilities↗2023-05-22

▶

OSV

linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities↗2023-05-16

▶

OSV

linux-intel-iotg vulnerabilities↗2023-04-11

▶

OSV

linux-gke, linux-gke-5.15, linux-ibm, linux-kvm vulnerabilities↗2023-03-29

▶

OSV

linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, lin↗2023-03-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2023-05-22

▶

Ubuntu

Linux kernel vulnerabilities↗2023-05-18

▶

Ubuntu

Linux kernel vulnerabilities↗2023-05-16

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2023-04-11

▶

Ubuntu

Linux kernel vulnerabilities↗2023-03-29

▶