Vulnerabilities > CVE-2022-48804 - Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90
- https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0
- https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885
- https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104
- https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf
- https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118
- https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02
- https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9