Bug 2298171 (CVE-2022-48832) - CVE-2022-48832 kernel: audit: don't deref the syscall args when checking the openat2 open_how::flags
Summary: CVE-2022-48832 kernel: audit: don't deref the syscall args when checking ...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-48832
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-16 12:50 UTC by OSIDB Bzimport
Modified: 2024-09-04 20:28 UTC (History)
5 users (show)

Fixed In Version: kernel 5.16.10, kernel 5.17
Clone Of:
Environment:
Last Closed: 2024-09-04 20:28:19 UTC
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-07-16 12:50:45 UTC 
In the Linux kernel, the following vulnerability has been resolved:

audit: don't deref the syscall args when checking the openat2 open_how::flags

As reported by Jeff, dereferencing the openat2 syscall argument in
audit_match_perm() to obtain the open_how::flags can result in an
oops/page-fault.  This patch fixes this by using the open_how struct
that we store in the audit_context with audit_openat2_how().

Independent of this patch, Richard Guy Briggs posted a similar patch
to the audit mailing list roughly 40 minutes after this patch was
posted.
Comment 7 Richard Guy Briggs 2024-09-04 20:28:19 UTC 
The following command would have also informed that none of the branches listed above are vulnerable to the "Fixes" tag listed in commit 7a82f89de92a ("audit: don't deref the syscall args when checking the openat2 open_how::flags"):

 kerneloscope downstream 1c30e3af8a79
Note You need to log in before you can comment on or make changes to this bug.