CVE-2022-0494 A kernel information leak was found in scsi

When using a scsi_ioctl command with a lower device number than the one the attacker has access to, the information passed to the user-space daemon can be easily determined. It was reported that the scsi_ioctl function in the Linux kernel allows potentially remote attackers to cause a leak of information via unprivileged users. This information leak can be exploited by an attacker to gain root access on a system. This issue does not occur when accessing devices with the same device number. The scsi_ioctl function in the Linux kernel allows local users to cause a partial denial of service (partial hang/reset/softlockup) or possibly leak information via an ioctl call with a lower device number. The information leak is only allowed when the user has CAP_SYS_ADMIN or CAP_SYS_RAWIO capability. It was reported that the scsi_ioctl function in the Linux kernel allows local users to cause a partial denial of service (partial hang/reset/softlockup) or possibly leak information via an ioctl call with a lower device number. The information leak is only allowed when the user has CAP_SYS_ADMIN or CAP_SYS_RAWIO capability. Note that this issue does not allow local users with the above capabilities to cause a total denial of service (kernel crash).

CVE-2023-0393

When using the Linux kernel's JFS filesystem, local users can cause a denial of service (Oops) or possibly have unspecified other impact via a call to the ocfs2_write_begin function. The ocfs2_write_begin function in the Linux kernel before 4.9 allows local users to cause a denial of service (Oops) via an attempt to write to an out-of-range address in a jfs file system that has been mounted read-only.

CVE-2023-4914

Off-by-one errors in the dma_set_mask_and_coherent() function in drivers/dma/Kconfig.c in the Linux kernel before 3.14 allow local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption) via a crafted application that triggers a small buffer size. The off-by-one error occurs when dma_set_mask_and_coherent() fails to allocate a sufficient amount of memory for the request, which causes dma_set_mask() to return NULL and stop changing its argument.

CVE-2023-0510

Linux Kernel:
The Linux kernel is vulnerable to an information leak, which can be exploited by attackers to gain access to sensitive kernel memory data. This issue occurs due to the way the Linux kernel handles I/O requests with a small number of pages allocated for them. The code mishandles page reservations when handling some types of requests. An attacker can leverage this flaw in order to read kernel stack memory (including sensitive information like passwords) or cause a denial of service (panic). Note that it does not allow attackers to bypass KASLR (kernel address space layout randomization).

CVE-2022-0492

CVE-2023-0497

When using a scsi_ioctl command with a lower device number than the one the attacker has access to, the information passed to the user-space daemon can be easily determined. It was reported that the scsi_ioctl function in the Linux kernel allows potentially remote attackers to cause a leak of information via unprivileged users. This information leak can be exploited by an attacker to gain root access on a system. This issue does not occur when accessing devices with the same device number. The scsi_ioctl function in the Linux kernel allows local users to cause a partial denial of service (partial hang/reset/softlockup) or possibly leak information via an ioctl call with a lower device number. The information leak is only allowed when the user has CAP_SYS_ADMIN or CAP_SYS_RAWIO capability. Note that this issue does not allow local users with the above capabilities to cause a total denial of service (kernel crash).

Timeline

Published on: 03/25/2022 19:15:00 UTC
Last modified on: 07/04/2022 11:15:00 UTC

CVE-2022-0494 A kernel information leak was found in scsi_ioctl.