CVE-2022-40768 - Use of Uninitialized Resource vulnerability in multiple products

CVSS 5.5 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Summary

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Vulnerable Configurations

Part Description Count
OS Linux 5253
OS Fedoraproject 3
OS Debian 1

Common Weakness Enumeration (CWE)

References