{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-48804","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-16T11:38:08.896Z","datePublished":"2024-07-16T11:43:56.278Z","dateUpdated":"2025-12-23T13:20:34.269Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-23T13:20:34.269Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvt_ioctl: fix array_index_nospec in vt_setactivate\n\narray_index_nospec ensures that an out-of-bounds value is set to zero\non the transient path. Decreasing the value by one afterwards causes\na transient integer underflow. vsa.console should be decreased first\nand then sanitized with array_index_nospec.\n\nKasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh\nRazavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU\nAmsterdam."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/tty/vt/vt_ioctl.c"],"versions":[{"version":"0ec459ec174031fad02a55e622cf2fc0d2e75a25","lessThan":"830c5aa302ec16b4ee641aec769462c37f802c90","status":"affected","versionType":"git"},{"version":"4334a6ae867aa12f01c1755368fd0de4c926ac75","lessThan":"2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0","status":"affected","versionType":"git"},{"version":"e97267cb4d1ee01ca0929638ec0fcbb0904f903d","lessThan":"170325aba4608bde3e7d21c9c19b7bc266ac0885","status":"affected","versionType":"git"},{"version":"e97267cb4d1ee01ca0929638ec0fcbb0904f903d","lessThan":"ae3d57411562260ee3f4fd5e875f410002341104","status":"affected","versionType":"git"},{"version":"e97267cb4d1ee01ca0929638ec0fcbb0904f903d","lessThan":"778302ca09498b448620edd372dc908bebf80bdf","status":"affected","versionType":"git"},{"version":"e97267cb4d1ee01ca0929638ec0fcbb0904f903d","lessThan":"ffe54289b02e9c732d6f04c8ebbe3b2d90d32118","status":"affected","versionType":"git"},{"version":"e97267cb4d1ee01ca0929638ec0fcbb0904f903d","lessThan":"6550bdf52846f85a2a3726a5aa0c7c4399f2fc02","status":"affected","versionType":"git"},{"version":"e97267cb4d1ee01ca0929638ec0fcbb0904f903d","lessThan":"61cc70d9e8ef5b042d4ed87994d20100ec8896d9","status":"affected","versionType":"git"},{"version":"458697ab18b512445ac273ce68a9f8fd623fc0a3","status":"affected","versionType":"git"},{"version":"1aa698b65186c13ed775896ed1dfec7c26c73d60","status":"affected","versionType":"git"},{"version":"52ef74c21c277e50de771fc722d814a830b3036b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/tty/vt/vt_ioctl.c"],"versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","status":"unaffected","versionType":"semver"},{"version":"4.9.302","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.267","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.230","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.180","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.101","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.24","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.10","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.130","versionEndExcluding":"4.9.302"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.73","versionEndExcluding":"4.14.267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"4.19.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.4.180"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.101"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.15.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.16.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90"},{"url":"https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0"},{"url":"https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885"},{"url":"https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104"},{"url":"https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf"},{"url":"https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118"},{"url":"https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02"},{"url":"https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9"}],"title":"vt_ioctl: fix array_index_nospec in vt_setactivate","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:25:01.606Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48804","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:58:54.114050Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:14.042Z"}}]}}