CVE-2022-1012: Missing Release of Memory after Effective Lifetime in Kernel

Severity
8.2 HIGH (NVD)
OSV 6.7 | OSV 5.5 | OSV 4.3
EPSS
0.3%
top 46.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 5
Latest update: Jul 13

Description

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Exploitability: 3.9 | Impact: 4.2

Affected Packages (7 packages)

debian | debian/linux | < linux 5.17.11-1 (bookworm)
NVD | linux/linux_kernel | < 5.18 (+1)
Debian | linux/linux_kernel | < 5.10.127-1 (+3)
Ubuntu | linux/linux_kernel | < 4.15.0-194.205 (+2)
CVEListV5 | linux/linux_kernel | Linux kernel version prior to 5.18-rc6

Vulnerability Details (20)

OSV | linux-gcp vulnerabilities | 2022-10-21
OSV | linux-azure-4.15 vulnerabilities | 2022-10-18
OSV | linux-azure vulnerabilities | 2022-10-17
OSV | linux-aws, linux-gcp-4.15 vulnerabilities | 2022-10-13
OSV | linux-aws-hwe vulnerabilities | 2022-10-13

Vendor Advisories (22)

CISA ICS | Siemens SIMATIC MV500 Devices | 2023-07-13
CISA ICS | Siemens SIMATIC S7-1500 TM MFP Linux Kernel | 2023-06-15
Ubuntu | Linux kernel (GCP) vulnerabilities | 2022-10-21
Ubuntu | Linux kernel (Azure) vulnerabilities | 2022-10-18
Ubuntu | Linux kernel (Azure) vulnerabilities | 2022-10-17
CVE-2022-1012 — Linux Kernel vulnerability | cvebase