CVE-2022-40768

Опубликовано: 18 сент. 2022

Источник: debian

EPSS Низкий

Описание

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
linux	fixed	6.0.2-1		package
linux	fixed	5.10.148-1	bullseye	package

Примечания

https://www.openwall.com/lists/oss-security/2022/09/09/1
https://git.kernel.org/linus/6022f210461fef67e6e676fd8544ca02d1bcfa7a

EPSS

Процентиль: 4%

0.0002

Низкий

Связанные уязвимости

CVE-2022-40768

CVSS3: 5.5

ubuntu

почти 3 года назад

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

CVE-2022-40768

CVSS3: 5.5

redhat

почти 3 года назад

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

CVE-2022-40768

CVSS3: 5.5

nvd

почти 3 года назад

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

CVE-2022-40768

CVSS3: 5.5

msrc

почти 3 года назад

Описание отсутствует

GHSA-c4m7-c462-xmqc

CVSS3: 5.5

github

почти 3 года назад

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

EPSS

Процентиль: 4%

0.0002

Низкий