Race condition vulnerability in Linux kernel's TeleTYpe subsystem allows local users to crash the system or read unauthorized random data from memory

CVE-2022-1462 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe (TTY) subsystem. A local user can trigger a race condition with the ioctls TIOCSPTLCK, TIOCGPTPEER, TIOCSTI and TCXONC, which leads to leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.