CVE-2022-1016Access of Uninitialized Pointer in Kernel

CWE-824Access of Uninitialized PointerCWE-909Missing Initialization of Resource27 documents9 sources
Severity
5.5MEDIUMNVD
OSV6.6OSV6.5OSV5.9OSV4.7OSV4.6OSV4.4
EPSS
0.0%
top 97.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelRedhat Enterprise LinuxPaloalto Pan-os
Timeline
PublishedAug 29
Latest updateDec 9

Description

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

Linuxlinux/linux_kernel4.20.05.4.229+4
Debianlinux/linux_kernel< 5.10.113-1+3
Ubuntulinux/linux_kernel< 4.15.0-184.194+3
NVDlinux/linux_kernel3.135.17+2
CVEListV5linux/linux_kernelAffects v3.13-rc1 and later, Fixed in v5.18-rc1

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

11
OSV
ppp: associate skb with a device at tx2025-12-09
OSV
linux, linux-kvm, linux-lts-xenial vulnerabilities2023-04-12
OSV
linux-aws vulnerabilities2023-04-06
OSV
CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core2022-08-29
CVEList
CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core2022-08-29

📋Vendor Advisories

15
Red Hat
kernel: ppp: associate skb with a device at tx2025-12-09
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-12
Ubuntu
Linux kernel vulnerabilities2023-04-12
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-06
CVE-2022-1016 — Access of Uninitialized Pointer | cvebase