CVE-2022-2308

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2103900	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

13 Sep 2022, 19:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 6.5

12 Sep 2022, 17:58

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 8.8

07 Sep 2022, 17:51

Type	Values Removed	Values Added
CWE		CWE-908
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2103900 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2103900 - Issue Tracking, Third Party Advisory
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::*
First Time		Linux Linux linux Kernel

01 Sep 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-01 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2308

Mitre link : CVE-2022-2308

CVE.ORG link : CVE-2022-2308

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

CWE-457

Use of Uninitialized Variable

{"id": "CVE-2022-2308", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2022-09-01T21:15:09.340", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103900", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers."}, {"lang": "es", "value": "Se ha encontrado un fallo en vDPA con el backend VDUSE. Actualmente no se presentan comprobaciones en el controlador del kernel de VDUSE para asegurar que el tama\u00f1o del espacio de configuraci\u00f3n del dispositivo est\u00e1 en l\u00ednea con las caracter\u00edsticas anunciadas por la aplicaci\u00f3n de espacio de usuario de VDUSE. En caso de desajuste, los ayudantes de lectura de configuraci\u00f3n de los controladores de Virtio no inicializan la memoria pasada indirectamente a vduse_vdpa_get_config() devolviendo memoria no inicializada de la pila. Esto podr\u00eda causar un comportamiento indefinido o filtrado de datos en los controladores de Virtio"}], "lastModified": "2022-09-13T19:47:46.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}