Severity
Medium
Analysis Summary
CVE-2022-40768
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the lack of a memset for the PASSTHRU_CMD case in drivers/scsi/stex.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from kernel memory, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-37969
Affected Vendors
- Linux
Affected Products
- Linux Kernel 5.19.9
Remediation
Refer to Linux Kernel Web site for patch, upgrade or suggested workaround information.