{"vulnerability": "CVE-2022-48855", "sightings": [{"uuid": "d61a0b60-0257-41b7-8d18-9a6e75d3938f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48855", "type": "seen", "source": "https://t.me/cvedetector/969", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48855 - Linux SCTP Stack Kernel Infoleak\", \n  \"Content\": \"CVE ID : CVE-2022-48855 \nPublished : July 16, 2024, 1:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsctp: fix kernel-infoleak for SCTP sockets  \n  \nsyzbot reported a kernel infoleak [1] of 4 bytes.  \n  \nAfter analysis, it turned out r->idiag_expires is not initialized  \nif inet_sctp_diag_fill() calls inet_diag_msg_common_fill()  \n  \nMake sure to clear idiag_timer/idiag_retrans/idiag_expires  \nand let inet_diag_msg_sctpasoc_fill() fill them again if needed.  \n  \n[1]  \n  \nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]  \nBUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]  \nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668  \n instrument_copy_to_user include/linux/instrumented.h:121 [inline]  \n copyout lib/iov_iter.c:154 [inline]  \n _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668  \n copy_to_iter include/linux/uio.h:162 [inline]  \n simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519  \n __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425  \n skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533  \n skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]  \n netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977  \n sock_recvmsg_nosec net/socket.c:948 [inline]  \n sock_recvmsg net/socket.c:966 [inline]  \n __sys_recvfrom+0x795/0xa10 net/socket.c:2097  \n __do_sys_recvfrom net/socket.c:2115 [inline]  \n __se_sys_recvfrom 
net/socket.c:2111 [inline]  \n __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111  \n do_syscall_x64 arch/x86/entry/common.c:51 [inline]  \n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82  \n entry_SYSCALL_64_after_hwframe+0x44/0xae  \n  \nUninit was created at:  \n slab_post_alloc_hook mm/slab.h:737 [inline]  \n slab_alloc_node mm/slub.c:3247 [inline]  \n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975  \n kmalloc_reserve net/core/skbuff.c:354 [inline]  \n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426  \n alloc_skb include/linux/skbuff.h:1158 [inline]  \n netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248  \n __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373  \n netlink_dump_start include/linux/netlink.h:254 [inline]  \n inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341  \n sock_diag_rcv_msg+0x24a/0x620  \n netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494  \n sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277  \n netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]  \n netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343  \n netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919  \n sock_sendmsg_nosec net/socket.c:705 [inline]  \n sock_sendmsg net/socket.c:725 [inline]  \n sock_write_iter+0x594/0x690 net/socket.c:1061  \n do_iter_readv_writev+0xa7f/0xc70  \n do_iter_write+0x52c/0x1500 fs/read_write.c:851  \n vfs_writev fs/read_write.c:924 [inline]  \n do_writev+0x645/0xe00 fs/read_write.c:967  \n __do_sys_writev fs/read_write.c:1040 [inline]  \n __se_sys_writev fs/read_write.c:1037 [inline]  \n __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037  \n do_syscall_x64 arch/x86/entry/common.c:51 [inline]  \n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82  \n entry_SYSCALL_64_after_hwframe+0x44/0xae  \n  \nBytes 68-71 of 2508 are uninitialized  \nMemory access of size 2508 starts at ffff888114f9b000  \nData copied to user address 00007f7fe09ff2e0  \n  \nCPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 
5.17.0-rc4-syzkaller #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T16:17:14.000000Z"}]}