CVE-2022-0322 — Incorrect Conversion between Numeric Types in Kernel

CWE-681 — Incorrect Conversion between Numeric Types CWE-704 — Incorrect Type Conversion or Cast CWE-400 — Uncontrolled Resource Consumption CWE-416 — Use After Free11 documents9 sources

Severity

5.5MEDIUMNVD

CISA8.8

EPSS

0.1%

top 74.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +7 more

Timeline

PublishedMar 25

Latest updateFeb 14

Description

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶NVDlinux/linux_kernel< 5.15+1

▶Debianlinux/linux_kernel< 5.10.84-1+3

▶CVEListV5linux/linux_kernelkernel 5.15 rc6

▶NVDoracle/communications_cloud_native_core_network_exposure_function22.1.1

▶debiandebian/linux< linux 5.14.16-1 (bookworm)

Also affects: Fedora 35

Patches

Patch: git.kernel.org ↗Patch: www.oracle.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-g6mc-765r-fwwj: A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk↗2022-03-26

▶

OSV

CVE-2022-0322: A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk↗2022-03-25

▶

CVEList

CVE-2022-0322: A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk↗2022-03-25

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

vim: use after free in function qf_buf_add_line( )↗2022-08-30

▶

CISA

Microsoft Internet Explorer Use-After-Free Vulnerability↗2022-05-04

▶

Microsoft

▶

Red Hat

kernel: sctp: local DoS: unprivileged user can cause BUG()↗2022-02-03

▶