CVE-2022-43750 (High) detected in linuxlinux-4.19.239

Question

CVE-2022-43750 (High) detected in linuxlinux-4.19.239

mend-bolt-for-github opened this issue 2 years ago · 1 comments

mend-bolt-for-github commented 2 years ago

CVE-2022-43750 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.239

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: 8b7c061438f230c475fd8cd97a0917f6ebb9fbe0

Found in base branch: master

Vulnerable Source Files (2)

/drivers/usb/mon/mon_bin.c
/drivers/usb/mon/mon_bin.c

Vulnerability Details

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.

Publish Date: 2022-10-26

URL: CVE-2022-43750

CVSS 3 Score Details (7.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2022-43750

Release Date: 2022-10-26

Fix Resolution: v4.9.331,v4.14.296,v4.19.262,v5.4.218,v5.10.148,v5.15.73,v6.0.1

Step up your Open Source Security Game with Mend here

Answer 1 · 2022-11-26T01:12:01.000Z

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.