QwikSec

Security Database

CVE

CWE

Training

CVE-2022-3170

Published: Sep 13, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.

Vendor	Product	Versions
n/a	kernel	affected `fixed in kernel 6.0-rc4`

Weaknesses (CWE)

References

https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887

x_refsource_MISC

https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.