QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-48804

Back to search

CVE-2022-48804

Published: Jul 16, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.

VendorProductVersions

Linux

Linux

affected
0ec459ec174031fad02a55e622cf2fc0d2e75a25 - < 830c5aa302ec16b4ee641aec769462c37f802c90
affected
4334a6ae867aa12f01c1755368fd0de4c926ac75 - < 2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
affected
e97267cb4d1ee01ca0929638ec0fcbb0904f903d - < 170325aba4608bde3e7d21c9c19b7bc266ac0885
affected
e97267cb4d1ee01ca0929638ec0fcbb0904f903d - < ae3d57411562260ee3f4fd5e875f410002341104
affected
e97267cb4d1ee01ca0929638ec0fcbb0904f903d - < 778302ca09498b448620edd372dc908bebf80bdf

+11 more versions

Linux

Linux

affected
4.19
unaffected
0 - < 4.19
unaffected
4.9.302 - <= 4.9.*
unaffected
4.14.267 - <= 4.14.*
unaffected
4.19.230 - <= 4.19.*

+5 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now