CVE-2022-48804: vt_ioctl: fix array_index_nospec in vt_setactivate

Published Jul 16, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

vtioctl: fix arrayindexnospec in vtsetactivate

arrayindexnospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with arrayindexnospec.

Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.

Affected Software

22 affected componentsFixes available
redhat/kernel<4.9.302
4.9.302
redhat/kernel<4.14.267
4.14.267
redhat/kernel<4.19.230
4.19.230
redhat/kernel<5.4.180
5.4.180
redhat/kernel<5.10.101
5.10.101
redhat/kernel<5.15.24
5.15.24
redhat/kernel<5.16.10
5.16.10
redhat/kernel<5.17
5.17
Linux Linux kernel<4.9.302
Linux Linux kernel>=4.10<4.14.267
Linux Linux kernel>=4.15<4.19.320
Linux Linux kernel>=4.20<5.4.180
Linux Linux kernel>=5.5<5.10.101
Linux Linux kernel>=5.11<5.15.24
Linux Linux kernel>=5.16<5.16.10
Linux Linux kernel=5.17-rc1
Linux Linux kernel=5.17-rc2
Linux Linux kernel=5.17-rc3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885

Patch Available

https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0

Patch Available

https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100ec8896d9

Patch Available

https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02

Patch Available

https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf

Patch Available

https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90

Patch Available

https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104

Patch Available

https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118

Event History

Jul 16, 2024
CVE Published
via MITRE·11:43 AM
Data Sourced
via MITRE·11:43 AM
Description
Apr 9, 2025
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2022-48804?

CVE-2022-48804 has been classified with a severity rating that indicates a potential risk to the system's integrity and availability.

2

How do I fix CVE-2022-48804?

To fix CVE-2022-48804, upgrade your Linux kernel to the latest versions specified in the remediation section, such as 4.9.302, 4.14.267, 4.19.230, 5.4.180, 5.10.101, 5.15.24, 5.16.10, or 5.17.

3

Which versions of the Linux kernel are affected by CVE-2022-48804?

CVE-2022-48804 affects multiple versions of the Linux kernel prior to the specified remediate versions for each affected release.

4

Is CVE-2022-48804 related to any specific functionality in the Linux kernel?

Yes, CVE-2022-48804 is specifically related to improvements in the vt_ioctl functionality within the Linux kernel.

5

What impact could CVE-2022-48804 have on my system?

If exploited, CVE-2022-48804 could lead to unauthorized access or altered system behavior, potentially compromising system security.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203