CVE-2022-40768 Information

Description

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c https://www.openwall.com/lists/oss-security/2022/09/09/1 https://lore.kernel.org/all/20220908145154.2284098-1-gregkh@linuxfoundation.org/ http://www.openwall.com/lists/oss-security/2022/09/19/1