Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2022-49788— misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

EPSS 0.03% · P9

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux06164d2b72aa752ce4633184b3e0d97601017135< 7ccf7229b96fadc3a185d1391f814a604c7ef609affected
06164d2b72aa752ce4633184b3e0d97601017135< f04586c2315cfd03d72ad0395705435e7ed07b1aaffected
06164d2b72aa752ce4633184b3e0d97601017135< 5a275528025ae4bc7e2232866856dfebf84b2fadaffected
06164d2b72aa752ce4633184b3e0d97601017135< e7061dd1fef2dfb6458cd521aef27aa66f510d31affected
06164d2b72aa752ce4633184b3e0d97601017135< 62634b43d3c4e1bf62fd540196f7081bf0885c0aaffected
06164d2b72aa752ce4633184b3e0d97601017135< 8e2f33c598370bcf828bab4d667d1d38bcd3c57daffected
06164d2b72aa752ce4633184b3e0d97601017135< 76c50d77b928a33e5290aaa9fdc10e88254ff8c7affected
06164d2b72aa752ce4633184b3e0d97601017135< e5b0d06d9b10f5f43101bd6598b076c347f9295faffected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-49788

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:169 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431 vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925 vfs_ioctl fs/ioctl.c:51 ... Uninit was stored to memory at: kmemdup+0x74/0xb0 mm/util.c:131 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271 vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339 qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940 vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488 vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927 ... Local variable ev created at: qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 Bytes 28-31 of 48 are uninitialized Memory access of size 48 starts at ffff888035155e00 Data copied to user address 0000000020000100 Use memset() to prevent the infoleaks. Also speculatively fix qp_notify_peer_local(), which may suffer from the same problem.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于vmci_host驱动中未初始化数据泄露,可能导致内核信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 06164d2b72aa752ce4633184b3e0d97601017135 ~ 7ccf7229b96fadc3a185d1391f814a604c7ef609 -
LinuxLinux 3.9 -

II. Public POCs for CVE-2022-49788

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-49788

登录查看更多情报信息。
Patch · 8

Same Patch Batch · Linux · 2025-05-01 · 245 CVEs total

CVE-2022-49854mctp: Fix an error handling path in mctp_init()
CVE-2022-49837bpf: Fix memory leaks in __check_func_call
CVE-2022-49838sctp: clear out_curr if all frag chunks of current msg are pruned
CVE-2022-49840bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
CVE-2022-49839scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
CVE-2022-49841serial: imx: Add missing .thaw_noirq hook
CVE-2022-49842ASoC: core: Fix use-after-free in snd_soc_exit()
CVE-2022-49844can: dev: fix skb drop check
CVE-2022-49845can: j1939: j1939_send_one(): fix missing CAN header initialization
CVE-2022-49846udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
CVE-2022-49847net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload
CVE-2022-49849btrfs: fix match incorrectly in dev_args_match_device
CVE-2022-49848phy: qcom-qmp-combo: fix NULL-deref on runtime resume
CVE-2022-49850nilfs2: fix deadlock in nilfs_count_free_blocks()
CVE-2022-49851riscv: fix reserved memory setup
CVE-2022-49852riscv: process: fix kernel info leakage
CVE-2022-49862tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
CVE-2022-49864drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
CVE-2022-49865ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
CVE-2022-49863can: af_can: fix NULL pointer dereference in can_rx_register()

Showing top 20 of 245 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-49788

No comments yet

Leave a comment