CVE-2022-0382 — Missing Initialization of Resource in Linux
Severity
5.5 MEDIUM (NVD)
OSV 6.5 | OSV 4.7
EPSS
0.1%
top 84.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 11
Latest update: Apr 6
Description
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects Linux kernel versions prior to 5.17-rc1.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 6 packages
Patches
Vulnerability Details (5)
OSV, 2022-03-22: linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities
GHSA, 2022-02-12: GHSA-4rw9-jwmq-4v5r: An information leak flaw was found due to uninitialized memory in the Linux kernel’s TIPC protocol subsystem, in the way a user sends a TIPC datagram
OSV, 2022-02-11: CVE-2022-0382: An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram
Vendor Advisories (6)
Microsoft, 2022-02-08: An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a loc
Debian, 2022: CVE-2022-0382: linux - An information leak flaw was found due to uninitialized memory in the Linux kern...