CVE-2022-0998

Published: Mar 30, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Vendor	Product	Versions
n/a	Kernel	affected `Linux kernel 5.17-rc1`

Weaknesses (CWE)

CWE-190

References

https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal%40kernel.org/

x_refsource_MISC

[oss-security] 20220402 Re: [PATCH AUTOSEL 5.15 13/16] vdpa: clean up get_config_size ret value handling

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20220513-0003/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-0998

Description

Affected Products

Weaknesses (CWE)

References