#VU99116 Information disclosure in Linux kernel - CVE-2022-49020


Vulnerability identifier: #VU99116

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49020

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443
https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64
https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260
https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748
https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf
https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd
https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd
https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

