CVE-2022-48747
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/06/2024
Last modified:
24/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
block: Fix wrong offset in bio_truncate()<br />
<br />
bio_truncate() clears the buffer outside of last block of bdev, however<br />
current bio_truncate() is using the wrong offset of page. So it can<br />
return the uninitialized data.<br />
<br />
This happened when both of truncated/corrupted FS and userspace (via<br />
bdev) are trying to read the last of bdev.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.176 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.96 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
- https://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8
- https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae
- https://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82
- https://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b
- https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
- https://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8
- https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae
- https://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82
- https://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b