{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48804", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.896Z", "datePublished": "2024-07-16T11:43:56.278Z", "dateUpdated": "2024-09-11T17:34:14.042Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T11:43:56.278Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/vt/vt_ioctl.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "830c5aa302ec", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2a45a6bd1e6d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "170325aba460", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ae3d57411562", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "778302ca0949", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ffe54289b02e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6550bdf52846", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "61cc70d9e8ef", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/vt/vt_ioctl.c"], "versions": [{"version": "4.9.302", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.267", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.230", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.180", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.101", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90"}, {"url": "https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0"}, {"url": "https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885"}, {"url": "https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104"}, {"url": "https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf"}, {"url": "https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118"}, {"url": "https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02"}, {"url": "https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9"}], "title": "vt_ioctl: fix array_index_nospec in vt_setactivate", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.606Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48804", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:58:54.114050Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:14.042Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48804", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.896Z", "datePublished": "2024-07-16T11:43:56.278Z", "dateUpdated": "2024-08-03T15:25:01.606Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T11:43:56.278Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/vt/vt_ioctl.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "830c5aa302ec", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2a45a6bd1e6d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "170325aba460", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ae3d57411562", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "778302ca0949", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ffe54289b02e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6550bdf52846", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "61cc70d9e8ef", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/vt/vt_ioctl.c"], "versions": [{"version": "4.9.302", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.267", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.230", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.180", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.101", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90"}, {"url": "https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0"}, {"url": "https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885"}, {"url": "https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104"}, {"url": "https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf"}, {"url": "https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118"}, {"url": "https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02"}, {"url": "https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9"}], "title": "vt_ioctl: fix array_index_nospec in vt_setactivate", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48804", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:58:54.114050Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:21.506Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8C5CE9-1D6E-4315-853C-949A5E076B69", "versionEndExcluding": "4.9.302", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD3CEBEB-60B8-4EA2-B346-6ADF49F754D9", "versionEndExcluding": "4.14.267", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3421D9CE-A117-4146-823F-2EC2FE3AD3E1", "versionEndExcluding": "4.19.320", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6808B38F-AD73-4D55-A158-6EF605E8EB66", "versionEndExcluding": "5.4.180", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54", "versionEndExcluding": "5.10.101", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA", "versionEndExcluding": "5.15.24", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC", "versionEndExcluding": "5.16.10", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vt_ioctl: corrige array_index_nospec en vt_setactivate array_index_nospec garantiza que un valor fuera de los l\u00edmites se establezca en cero en la ruta transitoria. Disminuir el valor en uno posteriormente provoca un desbordamiento de enteros transitorio. vsa.console debe reducirse primero y luego desinfectarse con array_index_nospec. Agradecimientos de Kasper: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida del grupo VUSec en VU Amsterdam."}], "id": "CVE-2022-48804", "lastModified": "2024-09-09T18:19:25.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T12:15:04.830", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: vt_ioctl: fix array_index_nospec in vt_setactivate", "id": "2298140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298140"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvt_ioctl: fix array_index_nospec in vt_setactivate\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48804", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48804\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48804\nhttps://lore.kernel.org/linux-cve-announce/2024071645-CVE-2022-48804-f191@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.9.302, kernel 4.14.267, kernel 4.19.230, kernel 5.4.180, kernel 5.10.101, kernel 5.15.24, kernel 5.16.10, kernel 5.17"}