#VU90314 Out-of-bounds read in Linux kernel - CVE-2022-48687
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90314
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48687
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/dc9dbd65c803af1607484fed5da50d41dc8dd864
- https://git.kernel.org/stable/c/f684c16971ed5e77dfa25a9ad25b5297e1f58eab
- https://git.kernel.org/stable/c/3df71e11a4773d775c3633c44319f7acdb89011c
- https://git.kernel.org/stable/c/076f2479fc5a15c4a970ca3b5e57d42ba09a31fa
- https://git.kernel.org/stable/c/55195563ec29f80f984237b743de0e2b6ba4d093
- https://git.kernel.org/stable/c/56ad3f475482bca55b0ae544031333018eb145b3
- https://git.kernel.org/stable/c/84a53580c5d2138c7361c7c3eea5b31827e63b35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.293
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.258
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.143
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.213
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0