Bug 1195199 - (CVE-2022-0382) VUL-0: CVE-2022-0382: kernel-source-rt,kernel-source,kernel-source-azure: kernel: information leak due to uninitialized memory in __tipc_sendmsg() in net/tipc/socket.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/321811/
CVSSv3.1:SUSE:CVE-2022-0382:5.5:(AV:L...
Reported: 2022-01-27 10:53 UTC by Carlos López
Modified: 2022-07-21 20:28 UTC
Found By: Security Response Team

Description Carlos López 2022-01-27 10:53:47 UTC
rh#2046440

A flaw was found in the Linux kernel. There is an information leak due to uninitialized memory in __tipc_sendmsg() in net/tipc/socket.c.

Reference and upstream patch:
https://github.com/torvalds/linux/commit/d6d86830705f173fca6087a3e67ceaf68db80523

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2046440
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0382
Comment 1 Carlos López 2022-01-27 10:55:30 UTC
The SLE15-SP4 branch is affected. Stable and master already contain the fixing commit.
Comment 3 Thomas Bogendoerfer 2022-02-02 09:33:50 UTC
Fix is now present in all affected branches:

SLE15-SP4        322fbf82902c

Reassigning back to the security team.
Comment 9 Carlos López 2022-06-08 13:49:24 UTC
Done, closing.