CVE-2022-40768

Published: Sep 18, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2022/09/09/1

https://lore.kernel.org/all/20220908145154.2284098-1-gregkh%40linuxfoundation.org/

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c

[oss-security] 20220919 Re: Linux kernel: information disclosure in stex_queuecommand_lck

mailing-list

FEDORA-2022-2cfbe17910

vendor-advisory

FEDORA-2022-b948fc3cfb

vendor-advisory

FEDORA-2022-1a5b125ac6

vendor-advisory

[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update

mailing-list

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-40768

Description

Affected Products

References