We found results for “”
CVE-2022-40768
Good to know:
Date: September 17, 2022
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
Language: C
Severity Score
Related Resources (18)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version v4.9.331,v4.14.296,v4.19.262,v5.4.218,v5.10.148,v5.15.74,v5.19.16,v6.0.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |