Bugzilla – Bug 1227984
VUL-0: CVE-2022-48832: kernel: audit: don't deref the syscall args when checking the openat2 open_how::flags
Last modified: 2024-07-18 14:03:41 UTC
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 open_how::flags As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how(). Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48832 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2022/CVE-2022-48832.mbox https://git.kernel.org/stable/c/310c9ddfdf1f8d3c9834f02175eae79c8b254b6c https://git.kernel.org/stable/c/7a82f89de92aac5a244d3735b2bd162c1147620c https://www.cve.org/CVERecord?id=CVE-2022-48832 https://bugzilla.redhat.com/show_bug.cgi?id=2298171