Products
Linux kernel
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Tags
CVE-2022-48832 details
Published : July 16, 2024, 12:15 p.m.
Last Modified : July 16, 2024, 1:43 p.m.
Last Modified : July 16, 2024, 1:43 p.m.
Description
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 open_how::flags As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how(). Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://git.kernel.org/stable/c/310c9ddfdf1f8d3c9834f02175eae79c8b254b6c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| https://git.kernel.org/stable/c/7a82f89de92aac5a244d3735b2bd162c1147620c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
This website uses the NVD API, but is not approved or certified by it.