CVE-2022-48769— Linux kernel 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-48769の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to QueryVariableInfo(), which we did not use to call on Apple x86 machines in the past as they only upgraded from EFI v1.10 to EFI v2.40 firmware fairly recently, and QueryVariableInfo() (along with UpdateCapsule() et al) was added in EFI v2.00. The only runtime service introduced in EFI v2.00 that we actually use in Linux is QueryVariableInfo(), as the capsule based ones are optional, generally not used at runtime (all the LVFS/fwupd firmware update infrastructure uses helper EFI programs that invoke capsule update at boot time, not runtime), and not implemented by Apple machines in the first place. QueryVariableInfo() is used to 'safely' set variables, i.e., only when there is enough space. This prevents machines with buggy firmwares from corrupting their NVRAMs when they run out of space. Given that Apple machines have been using EFI v1.10 services only for the longest time (the EFI v2.0 spec was released in 2006, and Linux support for the newly introduced runtime services was added in 2011, but the MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only), let's avoid the EFI v2.0 ones on all Apple x86 machines. [0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 efi:runtime 模块避免 Apple x86 机器上的 EFIv2 运行时服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2022-48769の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-48769のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-06-20 · 67 CVEs total
| CVE-2022-48750 | hwmon: (nct6775) Fix crash in clear_caseopen | |
| CVE-2022-48770 | bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() | |
| CVE-2022-48768 | tracing/histogram: Fix a potential memory leak for kstrdup() | |
| CVE-2022-48767 | ceph: properly put ceph_string reference after async create attempt | |
| CVE-2022-48756 | drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable | |
| CVE-2022-48755 | powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 | |
| CVE-2022-48754 | phylib: fix potential use-after-free | |
| CVE-2022-48753 | block: fix memory leak in disk_register_independent_access_ranges | |
| CVE-2022-48752 | powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending | |
| CVE-2022-48751 | net/smc: Transitional solution for clcsock race issue | |
| CVE-2022-48757 | net: fix information leakage in /proc/net/ptype | |
| CVE-2022-48748 | net: bridge: vlan: fix memory leak in __allowed_ingress | |
| CVE-2022-48749 | drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc | |
| CVE-2022-48747 | block: Fix wrong offset in bio_truncate() | |
| CVE-2022-48745 | net/mlx5: Use del_timer_sync in fw reset flow of halting poll | |
| CVE-2022-48746 | net/mlx5e: Fix handling of wrong devices during bond netevent | |
| CVE-2022-48744 | net/mlx5e: Avoid field-overflowing memcpy() | |
| CVE-2022-48743 | net: amd-xgbe: Fix skb data length underflow | |
| CVE-2022-48742 | rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() | |
| CVE-2022-48741 | ovl: fix NULL pointer dereference in copy up warning |
Showing 20 of 67 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
同じベンダー: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. CVE-2022-48769へのコメント
まだコメントはありません