Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-3170

Out-of-bounds Read

Published: Sep 13, 2022 | Modified: Dec 08, 2022
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.7 MODERATE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-3170
CWEhttps://cwe.mitre.org/data/definitions/125.html

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the id->name provided by the user did not end with 0. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.

Weakness

The product reads data past the end, or before the beginning, of the intended buffer.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 6.0-rc1 (including) 6.0-rc1 (including)
Linux_kernel Linux 6.0-rc2 (including) 6.0-rc2 (including)
Linux_kernel Linux 6.0-rc3 (including) 6.0-rc3 (including)
Linux Ubuntu trusty *
Linux Ubuntu xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu trusty *
Linux-aws-5.0 Ubuntu xenial *
Linux-aws-5.11 Ubuntu trusty *
Linux-aws-5.11 Ubuntu xenial *
Linux-aws-5.13 Ubuntu trusty *
Linux-aws-5.13 Ubuntu xenial *
Linux-aws-5.15 Ubuntu trusty *
Linux-aws-5.15 Ubuntu xenial *
Linux-aws-5.3 Ubuntu trusty *
Linux-aws-5.3 Ubuntu xenial *
Linux-aws-5.4 Ubuntu trusty *
Linux-aws-5.4 Ubuntu xenial *
Linux-aws-5.8 Ubuntu trusty *
Linux-aws-5.8 Ubuntu xenial *
Linux-aws-hwe Ubuntu trusty *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu trusty *
Linux-azure-4.15 Ubuntu xenial *
Linux-azure-5.11 Ubuntu trusty *
Linux-azure-5.11 Ubuntu xenial *
Linux-azure-5.13 Ubuntu trusty *
Linux-azure-5.13 Ubuntu xenial *
Linux-azure-5.15 Ubuntu trusty *
Linux-azure-5.15 Ubuntu xenial *
Linux-azure-5.3 Ubuntu trusty *
Linux-azure-5.3 Ubuntu xenial *
Linux-azure-5.4 Ubuntu trusty *
Linux-azure-5.4 Ubuntu xenial *
Linux-azure-5.8 Ubuntu trusty *
Linux-azure-5.8 Ubuntu xenial *
Linux-azure-edge Ubuntu trusty *
Linux-azure-edge Ubuntu xenial *
Linux-azure-fde Ubuntu trusty *
Linux-azure-fde Ubuntu xenial *
Linux-bluefield Ubuntu trusty *
Linux-bluefield Ubuntu xenial *
Linux-dell300x Ubuntu trusty *
Linux-dell300x Ubuntu xenial *
Linux-gcp Ubuntu trusty *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu trusty *
Linux-gcp-4.15 Ubuntu xenial *
Linux-gcp-5.11 Ubuntu trusty *
Linux-gcp-5.11 Ubuntu xenial *
Linux-gcp-5.13 Ubuntu trusty *
Linux-gcp-5.13 Ubuntu xenial *
Linux-gcp-5.15 Ubuntu trusty *
Linux-gcp-5.15 Ubuntu xenial *
Linux-gcp-5.3 Ubuntu trusty *
Linux-gcp-5.3 Ubuntu xenial *
Linux-gcp-5.4 Ubuntu trusty *
Linux-gcp-5.4 Ubuntu xenial *
Linux-gcp-5.8 Ubuntu trusty *
Linux-gcp-5.8 Ubuntu xenial *
Linux-gke Ubuntu trusty *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu trusty *
Linux-gke-4.15 Ubuntu xenial *
Linux-gke-5.0 Ubuntu trusty *
Linux-gke-5.0 Ubuntu xenial *
Linux-gke-5.15 Ubuntu trusty *
Linux-gke-5.15 Ubuntu xenial *
Linux-gke-5.3 Ubuntu trusty *
Linux-gke-5.3 Ubuntu xenial *
Linux-gke-5.4 Ubuntu trusty *
Linux-gke-5.4 Ubuntu xenial *
Linux-gkeop Ubuntu trusty *
Linux-gkeop Ubuntu xenial *
Linux-gkeop-5.4 Ubuntu trusty *
Linux-gkeop-5.4 Ubuntu xenial *
Linux-hwe Ubuntu trusty *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.11 Ubuntu trusty *
Linux-hwe-5.11 Ubuntu xenial *
Linux-hwe-5.13 Ubuntu trusty *
Linux-hwe-5.13 Ubuntu xenial *
Linux-hwe-5.15 Ubuntu trusty *
Linux-hwe-5.15 Ubuntu xenial *
Linux-hwe-5.4 Ubuntu trusty *
Linux-hwe-5.4 Ubuntu xenial *
Linux-hwe-5.8 Ubuntu trusty *
Linux-hwe-5.8 Ubuntu xenial *
Linux-hwe-edge Ubuntu trusty *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu trusty *
Linux-ibm Ubuntu xenial *
Linux-ibm-5.4 Ubuntu trusty *
Linux-ibm-5.4 Ubuntu xenial *
Linux-intel-5.13 Ubuntu trusty *
Linux-intel-5.13 Ubuntu xenial *
Linux-intel-iotg Ubuntu trusty *
Linux-intel-iotg Ubuntu xenial *
Linux-intel-iotg-5.15 Ubuntu trusty *
Linux-intel-iotg-5.15 Ubuntu xenial *
Linux-kvm Ubuntu trusty *
Linux-kvm Ubuntu xenial *
Linux-lowlatency Ubuntu trusty *
Linux-lowlatency Ubuntu xenial *
Linux-lowlatency-hwe-5.15 Ubuntu trusty *
Linux-lowlatency-hwe-5.15 Ubuntu xenial *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu xenial *
Linux-oem Ubuntu trusty *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu trusty *
Linux-oem-5.10 Ubuntu xenial *
Linux-oem-5.13 Ubuntu trusty *
Linux-oem-5.13 Ubuntu xenial *
Linux-oem-5.14 Ubuntu trusty *
Linux-oem-5.14 Ubuntu xenial *
Linux-oem-5.17 Ubuntu trusty *
Linux-oem-5.17 Ubuntu xenial *
Linux-oem-5.6 Ubuntu trusty *
Linux-oem-5.6 Ubuntu xenial *
Linux-oem-osp1 Ubuntu trusty *
Linux-oem-osp1 Ubuntu xenial *
Linux-oracle Ubuntu trusty *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu trusty *
Linux-oracle-5.0 Ubuntu xenial *
Linux-oracle-5.11 Ubuntu trusty *
Linux-oracle-5.11 Ubuntu xenial *
Linux-oracle-5.13 Ubuntu trusty *
Linux-oracle-5.13 Ubuntu xenial *
Linux-oracle-5.3 Ubuntu trusty *
Linux-oracle-5.3 Ubuntu xenial *
Linux-oracle-5.4 Ubuntu trusty *
Linux-oracle-5.4 Ubuntu xenial *
Linux-oracle-5.8 Ubuntu trusty *
Linux-oracle-5.8 Ubuntu xenial *
Linux-raspi Ubuntu trusty *
Linux-raspi Ubuntu xenial *
Linux-raspi-5.4 Ubuntu trusty *
Linux-raspi-5.4 Ubuntu xenial *
Linux-raspi2 Ubuntu trusty *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2-5.3 Ubuntu trusty *
Linux-raspi2-5.3 Ubuntu xenial *
Linux-riscv Ubuntu trusty *
Linux-riscv Ubuntu xenial *
Linux-riscv-5.11 Ubuntu trusty *
Linux-riscv-5.11 Ubuntu xenial *
Linux-riscv-5.8 Ubuntu trusty *
Linux-riscv-5.8 Ubuntu xenial *
Linux-snapdragon Ubuntu trusty *
Linux-snapdragon Ubuntu xenial *

Potential Mitigations

  • Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use