CVE-2022-0480: Allocation of Resources Without Limits or Throttling in Kernel

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 90.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 29

Description

A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. Because memcg does not limit the number of Portable Operating System Interface (POSIX) file locks, this issue can lead to host memory exhaustion.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel < 5.15
Debian: linux/linux_kernel < 5.15.3-1+2
CVEListV5: linux/linux_kernel (Not Known)

Also affects: Enterprise Linux 9.0

Patches

🔴 Vulnerability Details (3)

GHSA (2022-08-29)
GHSA-gjf9-j6hw-q3hj: A flaw was found in the filelock_init in fs/locks
OSV (2022-08-29)
CVE-2022-0480: A flaw was found in the filelock_init in fs/locks
CVEList (2022-08-29)
CVE-2022-0480: A flaw was found in the filelock_init in fs/locks

📋 Vendor Advisories (3)

Microsoft (2022-08-09)
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interf
Red Hat (2022-01-03)
kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion
Debian (2022)
CVE-2022-0480: linux - A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel...