CVE-2022-0494

medium

Description

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2039448

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

https://lore.kernel.org/all/[email protected]/

https://www.debian.org/security/2022/dsa-5161

https://www.debian.org/security/2022/dsa-5173

Details

Published: 2022-03-25

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium