Vulnerability Name:

CVE-2022-1462 (CCN-227501)

Assigned:2022-05-27
Published:2022-05-27
Updated:2022-10-29
Summary:An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.
CVSS v3 Severity:6.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)
5.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-362
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-1462

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2078466

Source: XF
Type: UNKNOWN
linux-kernel-cve20221462-dos(227501)

Source: CCN
Type: Linux Kernel GIT Repository
tty: Fix data race in tty_insert_flip_string_fixed_flag

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update

Source: CCN
Type: oss-sec Mailing List, Fri, 27 May 2022 22:47:05 +0800
CVE-2022-1462: Linux kernel: A race condition vulnerability in drivers/tty/tty_buffers.c

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://seclists.org/oss-sec/2022/q2/155

Source: CCN
Type: IBM Security Bulletin 7007837 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7539
    P
    kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8090
    P
    reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:4739
    P
    Security update for the Linux Kernel (Important)
    2022-08-26
    oval:org.opensuse.security:def:707
    P
    Security update for the Linux Kernel (Important)
    2022-08-23
    oval:org.opensuse.security:def:697
    P
    Security update for the Linux Kernel (Important)
    2022-08-16
    oval:org.opensuse.security:def:119468
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:125778
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118792
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:119653
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:126942
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118982
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:125119
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118235
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:127340
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:119287
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:125388
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:118655
    P
    Security update for the Linux Kernel (Important)
    2022-08-15
    oval:org.opensuse.security:def:4665
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:6136
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:687
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:6350
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:5322
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:4302
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:6135
    P
    Security update for the Linux Kernel (Important)
    2022-08-09
    oval:org.opensuse.security:def:95273
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:93319
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:589
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:3643
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:95416
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:94051
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:3783
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:95335
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:93477
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:3705
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:95427
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:94263
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:3794
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:95350
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:93630
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:3720
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:94472
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:93159
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:95356
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    oval:org.opensuse.security:def:93837
    P
    (Important)
    2022-07-21
    oval:org.opensuse.security:def:3726
    P
    Security update for the Linux Kernel (Important)
    2022-07-21
    BACK
    linux linux kernel -
    redhat enterprise linux 8.0
    redhat enterprise linux 9.0
    debian debian linux 10.0
    linux linux kernel -