CVE-2022-1205Use After Free in Linux

CWE-416Use After FreeCWE-476NULL Pointer Dereference23 documents6 sources
Severity
4.7MEDIUMNVD
OSV8.2OSV7.8OSV5.9OSV5.5OSV4.4
EPSS
0.1%
top 69.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.67.1-4 ON CBL Mariner 2.0+5 more
Timeline
PublishedAug 31
Latest updateJun 18

Description

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages11 packages

debiandebian/linux< linux 5.17.6-1 (bookworm)
Debianlinux/linux_kernel< 5.10.113-1+3
Ubuntulinux/linux_kernel< 4.15.0-189.200+3
CVEListV5linux/linux_kernelFixed in kernel v5.18-rc1

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

9
OSV
linux, linux-kvm, linux-lts-xenial vulnerabilities2023-04-12
OSV
linux-aws vulnerabilities2023-04-06
OSV
CVE-2022-1205: A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX2022-08-31
OSV
linux-azure vulnerabilities2022-07-28
OSV
linux-bluefield, linux-gcp-5.4, linux-gke-5.4 vulnerabilities2022-07-28

📋Vendor Advisories

13
Red Hat
kernel: USB: core: Prevent nested device-reset calls2025-06-18
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-12
Ubuntu
Linux kernel vulnerabilities2023-04-12
Ubuntu
Linux kernel (AWS) vulnerabilities2023-04-06
Microsoft
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the syst2022-08-09
CVE-2022-1205 — Use After Free in Debian Linux | cvebase