CVE-2022-0494

medium

Description

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2039448

https://lore.kernel.org/all/[email protected]/

https://www.debian.org/security/2022/dsa-5161

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

https://www.debian.org/security/2022/dsa-5173

Details

Source: MITRE

Published: 2022-03-25

Updated: 2022-10-19

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 4.4

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 0.8

Severity: MEDIUM