Main Vulnerability Database Vulnerabilities #VU69765

Use of uninitialized resource in Linux kernel - CVE-2022-2308

Published: November 30, 2022

Vulnerability identifier: #VU69765

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-2308

CWE-ID: CWE-908

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized resources in vDPA with VDUSE backend in Linux kernel. A local user can pass specially crafted data to the Virtio drivers, trigger uninitialized usage of resources and gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2103900

Use of uninitialized resource in Linux kernel - CVE-2022-2308

Description

Remediation

External links

Please verify you're human