author: Salvatore Bonaccorso <carnil@debian.org> 2022-05-26 22:53:33 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-05-26 22:53:33 +0200
commit: 5c3e1d5b71b6e045f5d6180d08fad980baab9c84
tree: b1bd6c522fb9d7b153451e4f04b996182a8238a0 /active
parent: f62fe933fa791faa9c182e9bb6d145d7628310bc
Add CVE-2022-1462
Diffstat (limited to 'active')
-rw-r--r-- active/CVE-2022-1462 21
1 files changed, 21 insertions, 0 deletions
diff --git a/active/CVE-2022-1462 b/active/CVE-2022-1462
new file mode 100644
index 000000000..c4533bdee
--- /dev/null
+++ b/active/CVE-2022-1462
@@ -0,0 +1,21 @@
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2078466
+Notes:
+ carnil> As of 2022-05-26 not much details provided in RH bugzilla:
+ carnil> descriptions reads as An out-of-bounds read flaw was found in
+ carnil> the Linux kernel’s TeleTYpe subsystem. The issue occurs in
+ carnil> how a user triggers a race condition using ioctls TIOCSPTLCK
+ carnil> and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory
+ carnil> in the flush_to_ldisc function. This flaw allows a local user
+ carnil> to crash the system or read unauthorized random data from
+ carnil> memory.
+Bugs:
+upstream:
+5.10-upstream-stable:
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid:
+5.10-bullseye-security:
+4.19-buster-security:
+4.9-stretch-security:
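Review bot: The `Description:` field at the top of the new file is left empty, although the Notes block already quotes enough of the Red Hat bugzilla text to fill it; a one-line summary such as "tty: out-of-bounds read via race in flush_to_ldisc" would let the entry be identified without reading the notes. In the notes, the quoted bugzilla text is not delimited from carnil's own wording ("descriptions reads as An out-of-bounds read flaw ..."), so quotation marks around it would show where the quote begins and ends. Every status field from `upstream:` down to `4.9-stretch-security:` is blank, which fits the remark that few details are available, but the file does not record that no fix commit has been identified yet; a short note saying so would distinguish "not yet assessed" from "overlooked".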
