CWE-668
DiscouragedExposure of Resource to Wrong Sphere
Abstraction: Class · Status: Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
1252 vulnerabilities reference this CWE, most recent first.
GHSA-JXFC-QG7H-GW67
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler
Naresh Kamboju reported a "Bad frame pointer" kernel warning while running LTP trace ftrace_stress_test.sh in riscv. We can reproduce the same issue with the following command:
$ cd /sys/kernel/debug/tracing
$ echo 'f:myprobe do_nanosleep%return args1=$retval' > dynamic_events
$ echo 1 > events/fprobes/enable
$ echo 1 > tracing_on
$ sleep 1
And we can get the following kernel warning:
[ 127.692888] ------------[ cut here ]------------ [ 127.693755] Bad frame pointer: expected ff2000000065be50, received ba34c141e9594000 [ 127.693755] from func do_nanosleep return to ffffffff800ccb16 [ 127.698699] WARNING: CPU: 1 PID: 129 at kernel/trace/fgraph.c:755 ftrace_return_to_handler+0x1b2/0x1be [ 127.699894] Modules linked in: [ 127.700908] CPU: 1 UID: 0 PID: 129 Comm: sleep Not tainted 6.14.0-rc3-g0ab191c74642 #32 [ 127.701453] Hardware name: riscv-virtio,qemu (DT) [ 127.701859] epc : ftrace_return_to_handler+0x1b2/0x1be [ 127.702032] ra : ftrace_return_to_handler+0x1b2/0x1be [ 127.702151] epc : ffffffff8013b5e0 ra : ffffffff8013b5e0 sp : ff2000000065bd10 [ 127.702221] gp : ffffffff819c12f8 tp : ff60000080853100 t0 : 6e00000000000000 [ 127.702284] t1 : 0000000000000020 t2 : 6e7566206d6f7266 s0 : ff2000000065bd80 [ 127.702346] s1 : ff60000081262000 a0 : 000000000000007b a1 : ffffffff81894f20 [ 127.702408] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000 [ 127.702470] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038 [ 127.702530] s2 : ba34c141e9594000 s3 : 0000000000000000 s4 : ff2000000065bdd0 [ 127.702591] s5 : 00007fff8adcf400 s6 : 000055556dc1d8c0 s7 : 0000000000000068 [ 127.702651] s8 : 00007fff8adf5d10 s9 : 000000000000006d s10: 0000000000000001 [ 127.702710] s11: 00005555737377c8 t3 : ffffffff819d899e t4 : ffffffff819d899e [ 127.702769] t5 : ffffffff819d89a0 t6 : ff2000000065bb18 [ 127.702826] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 127.703292] [] ftrace_return_to_handler+0x1b2/0x1be [ 127.703760] [] return_to_handler+0x16/0x26 [ 127.704009] [] return_to_handler+0x0/0x26 [ 127.704057] [] common_nsleep+0x42/0x54 [ 127.704117] [] __riscv_sys_clock_nanosleep+0xba/0x10a [ 127.704176] [] do_trap_ecall_u+0x188/0x218 [ 127.704295] [] handle_exception+0x14a/0x156 [ 127.705436] ---[ end trace 0000000000000000 ]---
The reason is that the stack layout for constructing argument for the ftrace_return_to_handler in the return_to_handler does not match the __arch_ftrace_regs structure of riscv, leading to unexpected results.
{
"affected": [],
"aliases": [
"CVE-2025-22069"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T15:16:01Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler\n\nNaresh Kamboju reported a \"Bad frame pointer\" kernel warning while\nrunning LTP trace ftrace_stress_test.sh in riscv. We can reproduce the\nsame issue with the following command:\n\n```\n$ cd /sys/kernel/debug/tracing\n$ echo \u0027f:myprobe do_nanosleep%return args1=$retval\u0027 \u003e dynamic_events\n$ echo 1 \u003e events/fprobes/enable\n$ echo 1 \u003e tracing_on\n$ sleep 1\n```\n\nAnd we can get the following kernel warning:\n\n[ 127.692888] ------------[ cut here ]------------\n[ 127.693755] Bad frame pointer: expected ff2000000065be50, received ba34c141e9594000\n[ 127.693755] from func do_nanosleep return to ffffffff800ccb16\n[ 127.698699] WARNING: CPU: 1 PID: 129 at kernel/trace/fgraph.c:755 ftrace_return_to_handler+0x1b2/0x1be\n[ 127.699894] Modules linked in:\n[ 127.700908] CPU: 1 UID: 0 PID: 129 Comm: sleep Not tainted 6.14.0-rc3-g0ab191c74642 #32\n[ 127.701453] Hardware name: riscv-virtio,qemu (DT)\n[ 127.701859] epc : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702032] ra : ftrace_return_to_handler+0x1b2/0x1be\n[ 127.702151] epc : ffffffff8013b5e0 ra : ffffffff8013b5e0 sp : ff2000000065bd10\n[ 127.702221] gp : ffffffff819c12f8 tp : ff60000080853100 t0 : 6e00000000000000\n[ 127.702284] t1 : 0000000000000020 t2 : 6e7566206d6f7266 s0 : ff2000000065bd80\n[ 127.702346] s1 : ff60000081262000 a0 : 000000000000007b a1 : ffffffff81894f20\n[ 127.702408] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000\n[ 127.702470] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038\n[ 127.702530] s2 : ba34c141e9594000 s3 : 0000000000000000 s4 : ff2000000065bdd0\n[ 127.702591] s5 : 00007fff8adcf400 s6 : 000055556dc1d8c0 s7 : 0000000000000068\n[ 127.702651] s8 : 00007fff8adf5d10 s9 : 000000000000006d s10: 0000000000000001\n[ 127.702710] s11: 00005555737377c8 t3 : ffffffff819d899e t4 : ffffffff819d899e\n[ 127.702769] t5 : ffffffff819d89a0 t6 : ff2000000065bb18\n[ 127.702826] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003\n[ 127.703292] [\u003cffffffff8013b5e0\u003e] ftrace_return_to_handler+0x1b2/0x1be\n[ 127.703760] [\u003cffffffff80017bce\u003e] return_to_handler+0x16/0x26\n[ 127.704009] [\u003cffffffff80017bb8\u003e] return_to_handler+0x0/0x26\n[ 127.704057] [\u003cffffffff800d3352\u003e] common_nsleep+0x42/0x54\n[ 127.704117] [\u003cffffffff800d44a2\u003e] __riscv_sys_clock_nanosleep+0xba/0x10a\n[ 127.704176] [\u003cffffffff80901c56\u003e] do_trap_ecall_u+0x188/0x218\n[ 127.704295] [\u003cffffffff8090cc3e\u003e] handle_exception+0x14a/0x156\n[ 127.705436] ---[ end trace 0000000000000000 ]---\n\nThe reason is that the stack layout for constructing argument for the\nftrace_return_to_handler in the return_to_handler does not match the\n__arch_ftrace_regs structure of riscv, leading to unexpected results.",
"id": "GHSA-jxfc-qg7h-gw67",
"modified": "2026-06-01T18:31:20Z",
"published": "2025-04-16T15:34:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22069"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/67a5ba8f742f247bc83e46dd2313c142b1383276"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/78b39c587b8f6c69140177108f9c08a75b1c7c37"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ed384db061a264bd806898f7ccab9b98b591488"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M2MX-5GCX-J288
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2025-06-05 00:31Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
{
"affected": [],
"aliases": [
"CVE-2020-16247"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-18T18:15:00Z",
"severity": "HIGH"
},
"details": "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.",
"id": "GHSA-m2mx-5gcx-j288",
"modified": "2025-06-05T00:31:18Z",
"published": "2022-05-24T17:28:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16247"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01"
},
{
"type": "WEB",
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M2WX-725W-RMG7
Vulnerability from github – Published: 2023-05-18 21:30 – Updated: 2024-04-04 04:14OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.
{
"affected": [],
"aliases": [
"CVE-2023-2025"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T21:15:09Z",
"severity": "MODERATE"
},
"details": "OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.",
"id": "GHSA-m2wx-725w-rmg7",
"modified": "2024-04-04T04:14:40Z",
"published": "2023-05-18T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2025"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M338-VVR5-WRPH
Vulnerability from github – Published: 2023-01-11 09:30 – Updated: 2023-01-19 00:30Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
{
"affected": [],
"aliases": [
"CVE-2021-26343"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-11T08:15:00Z",
"severity": "MODERATE"
},
"details": "Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.",
"id": "GHSA-m338-vvr5-wrph",
"modified": "2023-01-19T00:30:31Z",
"published": "2023-01-11T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26343"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M3MJ-2HWV-QF3Q
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2023-06-29 06:30Microsoft Excel Information Disclosure Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-22716"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Excel Information Disclosure Vulnerability.",
"id": "GHSA-m3mj-2hwv-qf3q",
"modified": "2023-06-29T06:30:16Z",
"published": "2022-02-10T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22716"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22716"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-383"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M474-Q42G-P73P
Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-01-12 03:30An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions.
In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context.
This issue affects Juniper Networks Junos OS on MX Series:
- All versions earlier than 20.4R3-S9;
- 21.2 versions earlier than 21.2R3-S3;
- 21.4 versions earlier than 21.4R3-S5;
- 22.1 versions earlier than 22.1R3;
- 22.2 versions earlier than 22.2R3;
- 22.3 versions earlier than 22.3R2.
{
"affected": [],
"aliases": [
"CVE-2024-21597"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T01:15:47Z",
"severity": "MODERATE"
},
"details": "\nAn Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions.\n\nIn an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it\u0027s received in the wrong RI context.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S3;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3;\n * 22.3 versions earlier than 22.3R2.\n\n\n\n\n\n\n",
"id": "GHSA-m474-q42g-p73p",
"modified": "2024-01-12T03:30:48Z",
"published": "2024-01-12T03:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21597"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA75738"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M4MG-49C8-XJ46
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-10-27 19:00Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.
{
"affected": [],
"aliases": [
"CVE-2020-3315"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-693"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-06T17:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.",
"id": "GHSA-m4mg-49c8-xj46",
"modified": "2022-10-27T19:00:32Z",
"published": "2022-05-24T17:17:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3315"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M56X-JMQ4-9M4W
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
{
"affected": [],
"aliases": [
"CVE-2022-30752"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "LOW"
},
"details": "Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.",
"id": "GHSA-m56x-jmq4-9m4w",
"modified": "2022-07-17T00:00:45Z",
"published": "2022-07-13T00:01:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30752"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M5HW-3F6M-J7MR
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-07-29 00:00Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
{
"affected": [],
"aliases": [
"CVE-2022-1488"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T22:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.",
"id": "GHSA-m5hw-3f6m-j7mr",
"modified": "2022-07-29T00:00:18Z",
"published": "2022-07-27T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1488"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1302959"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M63H-R8C8-CP94
Vulnerability from github – Published: 2022-07-13 00:00 – Updated: 2022-07-13 00:00Windows Hyper-V Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30223.
{
"affected": [],
"aliases": [
"CVE-2022-22042"
],
"database_specific": {
"cwe_ids": [
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T23:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Hyper-V Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30223.",
"id": "GHSA-m63h-r8c8-cp94",
"modified": "2022-07-13T00:00:40Z",
"published": "2022-07-13T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22042"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22042"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22042"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.