CVE-2022-48839
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Jul 16, 2024
Updated: Jul 18, 2024
CWE ID 125
Summary
CVE-2022-48839 is a vulnerability in the Linux kernel's net/packet module. When an AF_PACKET socket uses PACKET_COPY_THRESH together with mmap operations, a slab-out-of-bounds access occurs in packet_recvmsg(). KASAN reports this as a stack-out-of-bounds issue in the memcpy function: a write of size 165 bytes at address ffffc9000385fb78, in the stack of task syz-executor233/3631. The vulnerability was discovered during the Google Compute Engine's syzkaller project.