CVE-2022-40768: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-40768 is a vulnerability discovered in the Linux kernel through version 5.19.9, specifically in the Promise SuperTrak EX storage controller driver (drivers/scsi/stex.c). The vulnerability was discovered by Xingyuan Mo and Gengjia Chen of IceSword Lab, 360, and was reported on September 8, 2022. The flaw allows local users to obtain sensitive information from kernel memory due to improper handling of memory initialization (Ubuntu, NVD).

The vulnerability exists in the stexqueuecommandlck() function within drivers/scsi/stex.c. The issue occurs because the function lacks proper memory initialization (memset) for the PASSTHRUCMD case. Specifically, when handling the PASSTHRUGETDRVVER command, a structure (struct stdrvver ver) is declared on the stack but not zeroed out before being copied back to user space, which can lead to information leakage (Openwall).

The vulnerability allows local users with access to the Promise SuperTrak EX storage controller to obtain sensitive information from kernel memory, potentially including kernel space addresses. This information disclosure could be leveraged by attackers to gather intelligence about the system's memory layout, potentially facilitating other attacks (Debian LTS).

The vulnerability was patched in the Linux kernel with commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a. The fix involves properly initializing the passthrough command structure by using static initialization to ensure all unused fields are automatically zeroed. Users should update their Linux kernel to a version containing this fix (Kernel Patch).