CVE-2022-0168NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference20 documents8 sources
Severity
4.4MEDIUMNVD
OSV5.5
EPSS
0.0%
top 95.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelRedhat Enterprise LinuxPaloalto Pan-os
Timeline
PublishedAug 26
Latest updateFeb 14

Description

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 5.18
Debianlinux/linux_kernel< 5.10.113-1+3
Ubuntulinux/linux_kernel< 5.4.0-156.173+1
CVEListV5linux/linux_kernelAffects v5.4–5.12, v5.13-rc+HEAD
Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

9
OSV
linux-azure-5.4 vulnerabilities2023-09-04
OSV
linux-azure vulnerabilities2023-08-31
OSV
linux-bluefield, linux-ibm vulnerabilities2023-08-29
OSV
linux-gke, linux-ibm-5.4 vulnerabilities2023-08-28
OSV
linux-hwe-5.4, linux-xilinx-zynqmp vulnerabilities2023-08-17

📋Vendor Advisories

10
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (Azure) vulnerabilities2023-09-04
Ubuntu
Linux kernel (Azure) vulnerabilities2023-08-31
Ubuntu
Linux kernel vulnerabilities2023-08-29
Ubuntu
Linux kernel vulnerabilities2023-08-28
CVE-2022-0168 — NULL Pointer Dereference in Kernel | cvebase