2298140 – (CVE-2022-48804) CVE-2022-48804 kernel: vt_ioctl: fix array_index_nospec in vt_setactivate

Bug 2298140 (CVE-2022-48804) - CVE-2022-48804 kernel: vt_ioctl: fix array_index_nospec in vt_setactivate

Summary: CVE-2022-48804 kernel: vt_ioctl: fix array_index_nospec in vt_setactivate

Keywords:
Status:	NEW
Alias:	CVE-2022-48804
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-16 12:29 UTC by OSIDB Bzimport
Modified:	2024-12-04 00:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:	kernel 4.9.302, kernel 4.14.267, kernel 4.19.230, kernel 5.4.180, kernel 5.10.101, kernel 5.15.24, kernel 5.16.10, kernel 5.17
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2024:7043	None	None	None	2024-09-24 09:43:15 UTC
Red Hat Product Errata	RHBA-2024:7198	None	None	None	2024-09-26 09:48:56 UTC
Red Hat Product Errata	RHBA-2024:7236	None	None	None	2024-09-26 14:33:28 UTC
Red Hat Product Errata	RHBA-2024:7637	None	None	None	2024-10-03 14:46:03 UTC
Red Hat Product Errata	RHBA-2024:8227	None	None	None	2024-10-17 06:46:07 UTC
Red Hat Product Errata	RHSA-2024:10771	None	None	None	2024-12-04 00:46:06 UTC
Red Hat Product Errata	RHSA-2024:7000	None	None	None	2024-09-24 02:34:46 UTC
Red Hat Product Errata	RHSA-2024:7001	None	None	None	2024-09-24 00:39:27 UTC
Red Hat Product Errata	RHSA-2024:9315	None	None	None	2024-11-12 09:36:31 UTC

Description OSIDB Bzimport 2024-07-16 12:29:03 UTC

In the Linux kernel, the following vulnerability has been resolved:

vt_ioctl: fix array_index_nospec in vt_setactivate

array_index_nospec ensures that an out-of-bounds value is set to zero
on the transient path. Decreasing the value by one afterwards causes
a transient integer underflow. vsa.console should be decreased first
and then sanitized with array_index_nospec.

Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh
Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU
Amsterdam.

Comment 131 errata-xmlrpc 2024-09-24 00:39:26 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001

Comment 132 errata-xmlrpc 2024-09-24 02:34:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000

Comment 133 errata-xmlrpc 2024-11-12 09:36:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315

Comment 134 errata-xmlrpc 2024-12-04 00:46:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:10771 https://access.redhat.com/errata/RHSA-2024:10771

Note You need to log in before you can comment on or make changes to this bug.