drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. References: https://www.openwall.com/lists/oss-security/2022/09/09/1 https://www.openwall.com/lists/oss-security/2022/09/19/1 Upstream patch: https://lore.kernel.org/all/20220908145154.2284098-1-gregkh@linuxfoundation.org/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2128463]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-40768