Upgrade johnpbloch/wordpress-core to version 3.7.38, 3.8.38, 3.9.36, 4.0.35, 4.1.35, 4.2.32, 4.3.28, 4.4.27, 4.5.26, 4.6.23, 4.7.23, 4.8.19, 4.9.20, 5.0.16, 5.1.13, 5.2.15, 5.3.12, 5.4.10, 5.5.9, 5.6.8, 5.7.6, 5.8.4, 5.9.2 or higher.

Race Condition The advisory has been revoked - it doesn't affect any version of package dlm-kmp-rt (opens in a new tab)

Threat Intelligence

0.04% (5^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-SLES153-DLMKMPRT-2993351
published26 Aug 2022
disclosed25 Aug 2022

Report a new vulnerability Found a mistake?

Introduced: 25 Aug 2022

CVE-2022-1462 (opens in a new tab) CWE-362 (opens in a new tab)

Amendment

The SLES security team deemed this advisory irrelevant for SLES:15.3.

NVD Description

Note: Versions mentioned in the description apply only to the upstream dlm-kmp-rt package and not the dlm-kmp-rt package as distributed by SLES.

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.