CVE-2022-2380: CWE-125 in Kernel

Severity: Medium
Published: Wed Jul 13 2022 (07/13/2022, 18:29:25 UTC)
Source: CVE
Vendor/Project: n/a
Product: Kernel

Description

The Linux kernel was found vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.

AI-Powered Analysis

Last updated: 06/23/2025, 04:19:55 UTC

Technical Analysis

CVE-2022-2380 is a medium-severity vulnerability identified in the Linux kernel, specifically in the smtcfb_read() function within the framebuffer driver located at drivers/video/fbdev/sm712fb.c. The vulnerability is classified as an out-of-bounds memory access (CWE-125), which occurs when the function attempts to read memory outside the allocated buffer boundaries. This flaw can be triggered by a local attacker with limited privileges (requires local access and low privileges) without any user interaction. Exploiting this vulnerability can cause a denial of service by crashing the kernel, leading to system instability or forced reboots. The affected kernel version is 5.18-rc1, a release candidate version, indicating that the vulnerability was discovered in a relatively recent kernel iteration. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). There are no known exploits in the wild at the time of publication, and no official patches linked in the provided data, although it is likely that kernel maintainers have addressed this issue in subsequent releases. The vulnerability is primarily a denial-of-service type, not allowing privilege escalation or data leakage directly, but it can disrupt services running on affected systems.

Potential Impact

For European organizations, the primary impact of CVE-2022-2380 is the potential for local denial-of-service attacks on systems running the affected Linux kernel version 5.18-rc1. While this kernel version is a release candidate and not a long-term stable release, some organizations or developers might be using it for testing or early adoption. A successful exploit could cause system crashes, leading to downtime and potential disruption of critical services, especially in environments relying on Linux-based infrastructure such as servers, embedded devices, or specialized hardware using the sm712 framebuffer driver. Since the vulnerability requires local access, the risk is higher in environments where untrusted users have shell or physical access. The impact on confidentiality and integrity is negligible, but availability is significantly affected. European organizations with high availability requirements, such as financial institutions, healthcare providers, and industrial control systems, could face operational disruptions if this vulnerability is exploited. However, the limited scope of affected kernel versions and the absence of remote exploitability reduce the overall risk for most production environments.

Mitigation Recommendations

1. Upgrade the Linux kernel to a stable version beyond 5.18-rc1 that includes the fix for CVE-2022-2380. Since the vulnerability is in a release candidate kernel, moving to a stable kernel release is strongly recommended.
2. Restrict local access to systems running the affected kernel version by enforcing strict user access controls, limiting shell access to trusted personnel only.
3. Monitor system logs and kernel crash reports for signs of exploitation attempts or unusual crashes related to framebuffer operations.
4. For embedded or specialized devices using the sm712 framebuffer driver, coordinate with hardware vendors to obtain firmware or kernel updates that address this vulnerability.
5. Implement kernel lockdown or security modules (e.g., SELinux, AppArmor) to reduce the attack surface and prevent unauthorized local code execution.
6. Conduct regular vulnerability assessments and patch management to ensure timely updates of kernel versions and drivers.
7. If upgrading the kernel is not immediately feasible, consider disabling or blacklisting the sm712 framebuffer driver if it is not essential to system operation, to mitigate the attack vector.
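
The checks behind recommendations 3 and 7 can be scripted. The following is an added example, not part of the original record or of any vendor tooling; it assumes the kernel module is named `sm712fb` after its source file and that the modprobe configuration lives in the usual `/etc/modprobe.d` directory.

```shell
#!/bin/sh
# Added example: host exposure checks for the sm712fb driver (CVE-2022-2380).
# Assumption: the module name is sm712fb, taken from the source file name.
MODULE="sm712fb"

# Return 0 if the module appears in a /proc/modules-format file.
# $1: path to the module list (default: /proc/modules)
module_loaded() {
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}"
}

# Return 0 only if the module is blacklisted AND its install command is
# overridden. "blacklist" alone stops automatic loading by alias, but an
# explicit "modprobe sm712fb" still succeeds without the install override.
# $1: modprobe configuration directory (default: /etc/modprobe.d)
module_blocked() {
    dir="${1:-/etc/modprobe.d}"
    cat "$dir"/*.conf 2>/dev/null | awk -v m="$MODULE" '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "blacklist" && $2 == m { bl = 1 }
        $1 == "install" && $2 == m &&
            ($3 == "/bin/false" || $3 == "/bin/true") { inst = 1 }
        END { exit !(bl && inst) }'
}

# Print the number of kernel log lines that reference the affected
# read handler, e.g. in an oops backtrace.
# $1: file holding kernel log text (saved output of dmesg or journalctl -k)
count_crash_hits() {
    grep -c 'smtcfb_read' "$1" || true
}

# Print a one-line summary for the local host.
report() {
    if module_loaded; then state="loaded"; else state="not loaded"; fi
    if module_blocked; then block="blocked"; else block="NOT blocked"; fi
    echo "$MODULE: $state, $block in /etc/modprobe.d"
}
```

Call `report` on a host to get its current state, and run `count_crash_hits` against a saved kernel log to see whether any crash trace points at the driver.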

Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2022-07-11T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d9844c4522896dcbf356b

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/23/2025, 4:19:55 AM

Last updated: 7/25/2025, 7:01:28 PM
