CVE-2022-48627

vt: fix memory overlapping when deleting chars in the buffer

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory
overlapping copy can cause data corruption when scr_memcpyw is optimized
to memcpy because memcpy does not ensure its behavior if the destination
buffer overlaps with the source buffer. The line buffer is not always
broken, because the memcpy utilizes the hardware acceleration, whose
result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vt: corrige la superposición de memoria al eliminar caracteres en el búfer. Se produce una copia de memoria superpuesta al eliminar una línea larga. Esta copia superpuesta de memoria puede causar corrupción de datos cuando scr_memcpyw está optimizado para memcpy porque memcpy no garantiza su comportamiento si el búfer de destino se superpone con el búfer de origen. El búfer de línea no siempre está roto, porque memcpy utiliza la aceleración de hardware, cuyo resultado no es determinista. Solucione este problema reemplazando scr_memcpyw con scr_memmoew.

A flaw was found in the Linux kernel's virtual terminal driver which causes a memory overlapping copy to occur, this overlapping copy can lead to data corruption and could potentially allow an attacker interacting with a virtual terminal to corrupt or expose system memory.

In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministic. Fix this problem by using replacing the scr_memcpyw with scr_memmovew.

It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-03-02 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/81732c3b2fede049a692e58a7ceabb6d18ffb18c	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c8686c014b5e872ba7e334f33ca553f14446fc29	2024-04-13
https://git.kernel.org/stable/c/815be99d934e3292906536275f2b8d5131cdf52c	2024-04-13
https://git.kernel.org/stable/c/bfee93c9a6c395f9aa62268f1cedf64999844926	2022-07-21
https://git.kernel.org/stable/c/57964a5710252bc82fe22d9fa98c180c58c20244	2022-07-21
https://git.kernel.org/stable/c/14d2cc21ca622310babf373e3a8f0b40acfe8265	2022-07-22
https://git.kernel.org/stable/c/39cdb68c64d84e71a4a717000b6e5de208ee60cc	2022-06-30

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48627	2024-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=2267509	2024-08-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 4.19.312"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.10.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.10.132"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.15.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.15.56"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.18.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.18.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.19"		en		Affected