CVE-2022-48839

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 16, 2024
Updated: Jul 18, 2024
CWE ID 125

Summary

CVE-2022-48839 is a vulnerability in the Linux kernel's net/packet module. When an AF_PACKET socket uses PACKET_COPY_THRESH and mmap operations, a slab-out-of-bounds access occurs in packet_recvmsg(). This leads to a stack-out-of-bounds access in memcpy, as reported by KASAN: a write of size 165 bytes at address ffffc9000385fb78, in the stack of task syz-executor233/3631. The vulnerability was discovered during the Google Compute Engine's syzkaller project.
