Vulnerabilities > CVE-2022-0494 - Use of Uninitialized Resource vulnerability in multiple products

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
linux
debian
CWE-908

Summary

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.

Vulnerable Configurations

Part Description Count
OS
Linux
5192
OS
Debian
3

Common Weakness Enumeration (CWE)