CVE-2022-0850
kernel: information leak in copy_page_to_iter() in iov_iter.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
Se encontró una vulnerabilidad en el kernel de linux, donde es producido un filtrado de información por medio de la función ext4_extent_header al espacio de usuario
An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service.
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-04 CVE Reserved
- 2022-04-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2025-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2060606 | 2024-08-02 | |
| https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8 | 2024-08-02 |
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe | 2023-10-05 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-0850 | 2022-05-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.4.276 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.276" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.276" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.240 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.240" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.198" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.4.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.132" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5.0 < 5.10.50 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5.0 < 5.10.50" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.12.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.12.17" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.13 < 5.13.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.13.2" | - |
Affected
| ||||||