CVE-2022-1263 — NULL Pointer Dereference in Kernel
Severity
5.5MEDIUMNVD
OSV4.4
EPSS
0.1%
top 79.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 31
Latest updateOct 25
Description
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Enterprise Linux 8.0, 9.0
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-wcwj-rgxv-c28p: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled↗2022-09-01
OSV▶
CVE-2022-1263: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled↗2022-08-31
CVEList▶
CVE-2022-1263: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled↗2022-08-31
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities↗2022-06-08
📋Vendor Advisories
4Microsoft▶
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causi↗2022-08-09
Red Hat
▶
Debian▶
CVE-2022-1263: linux - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dir...↗2022