CVE-2022-0433 — Use of Uninitialized Resource in Kernel

CWE-908 — Use of Uninitialized Resource CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.5MEDIUMNVD

OSV7.8

EPSS

0.0%

top 88.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Linux Kernel Fedoraproject Fedora +3 more

Timeline

PublishedMar 10

Latest updateMar 20

Description

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDlinux/linux_kernel5.16

▶CVEListV5linux/linux_kernelLinux kernel versions prior to 5.17-rc1

▶debiandebian/linux

▶msrcmsrc/cbl2_kernel_5.15.37.1-2_on_cbl_mariner_2.0

▶msrcmsrc/cm1_kernel_5.10.102.1-3_on_cbl_mariner_1.0

Also affects: Fedora 35

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

vim vulnerabilities↗2023-03-20

▶

GHSA

GHSA-rqh7-q69f-f8vq: A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloo↗2022-03-11

▶

OSV

CVE-2022-0433: A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloo↗2022-03-10

▶

📋Vendor Advisories

Microsoft

▶

Red Hat

kernel: missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS↗2022-01-10

▶

Debian

CVE-2022-0433: linux - A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in...↗2022

▶