Description

In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 open_how::flags As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how(). Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted.

INFO

Published Date :

2024-07-16T11:44:15.305Z

Last Modified :

2025-05-04T08:24:16.022Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48832 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48832.

URL Resource
https://git.kernel.org/stable/c/310c9ddfdf1f8d3c9834f02175eae79c8b254b6c cve-icon cve-icon
https://git.kernel.org/stable/c/7a82f89de92aac5a244d3735b2bd162c1147620c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024071653-CVE-2022-48832-1322@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48832 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48832 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact