CVE-2022-1199Use After Free in Kernel

CWE-416Use After FreeCWE-476NULL Pointer Dereference21 documents9 sources
Severity
7.5HIGHNVD
OSV7.8OSV6.7OSV5.5OSV4.4
EPSS
0.4%
top 38.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedAug 29
Latest updateJun 15

Description

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 5.10.113-1+3
Ubuntulinux/linux_kernel< 4.15.0-189.200+3
NVDlinux/linux_kernel5.17.14+1
CVEListV5linux/linux_kernelFixed in kernel v5.18-rc4

Also affects: Enterprise Linux 6.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

9
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-09-30
CVEList
CVE-2022-1199: A flaw was found in the Linux kernel2022-08-29
OSV
CVE-2022-1199: A flaw was found in the Linux kernel2022-08-29
GHSA
GHSA-rc6f-9g56-mr6q: A flaw was found in the Linux kernel2022-08-29
OSV
linux-azure vulnerabilities2022-07-28

📋Vendor Advisories

11
CISA ICS
​Siemens SINAMICS Medium Voltage Products2023-06-15
CISA ICS
Siemens SCALANCE, RUGGEDCOM Third-Party2023-03-16
Ubuntu
Linux kernel vulnerabilities2022-09-30
Microsoft
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space resulting in a null-ptr-deref vulnerability and a use-after2022-08-09
Ubuntu
Linux kernel vulnerabilities2022-07-28
CVE-2022-1199 — Use After Free in Linux Kernel | cvebase