[SRU][Xenial][PATCH 0/1] CVE-2022-0494
Yuxuan Luo
yuxuan.luo at canonical.com
Thu Feb 23 19:09:34 UTC 2023
[Impact]
A kernel information leak flaw was identified in the scsi_ioctl function in
drivers/scsi/scsi_ioctl.c in the Linux kernel due to reading an uninitialized
chunk of memory. This flaw allows a local attacker with a special user privilege
(CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
[Backport]
Since the vulnerability is fixed by adding a flag when allocating the buffer,
all the refactoring commits can be ignored.
[Test]
Compile tested.
[Potential Regression]
Expecting low risk of potential regression, which should be limited to the
changed file.
Yuxuan Luo (1):
  block-map: add __GFP_ZERO flag for alloc_page in function
    bio_copy_kern

 block/bio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.34.1
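
The effect of the zeroing flag described under [Backport], shown as a userspace model. This is an added example, not code from the patch or the kernel: model_alloc_page, MODEL_ZERO, previous_user and bounce_read are hypothetical names, and the short device transfer is an assumption used to make the stale bytes visible.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define PAGE_SZ 64        /* small stand-in for a page */
#define MODEL_ZERO 0x1u   /* hypothetical stand-in for __GFP_ZERO */

static unsigned char pool[PAGE_SZ];   /* one recycled "page" */

/* Model allocator: returns recycled memory, zeroed only when asked. */
static unsigned char *model_alloc_page(unsigned flags)
{
    if (flags & MODEL_ZERO)
        memset(pool, 0, PAGE_SZ);
    return pool;
}

/* A previous owner of the page leaves data behind (constructed sample). */
static void previous_user(void)
{
    unsigned char *p = model_alloc_page(0);
    memset(p, 0, PAGE_SZ);
    memcpy(p + 16, "SECRET-KEY", 10);
}

/* Model of a read through a bounce page: the device fills only dev_len
 * bytes, but the whole page is copied back to the caller. Returns how many
 * non-zero bytes the caller received beyond what the device wrote. */
static size_t bounce_read(unsigned flags, size_t dev_len, unsigned char *user)
{
    unsigned char *page = model_alloc_page(flags);
    size_t i, stale = 0;

    memset(page, 'D', dev_len);    /* device data (constructed) */
    memcpy(user, page, PAGE_SZ);   /* copy-back of the full buffer */
    for (i = dev_len; i < PAGE_SZ; i++)
        stale += user[i] != 0;
    return stale;
}

int main(void)
{
    unsigned char user[PAGE_SZ];

    previous_user();
    printf("without zeroing: %zu stale bytes\n", bounce_read(0, 8, user));
    previous_user();
    printf("with zeroing:    %zu stale bytes\n", bounce_read(MODEL_ZERO, 8, user));
    return 0;
}
```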