CVE-2022-1353 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer CWE-413 — Improper Resource Locking23 documents9 sources

Severity

7.1HIGHNVD

OSV7.8OSV7.0OSV6.5OSV4.4

EPSS

0.0%

top 95.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedApr 29

Latest updateJun 18

Description

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel< 5.17+1

▶Debianlinux/linux_kernel< 5.10.113-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-189.200+3

▶CVEListV5linux/linux_kernelkernel 5.17 rc12

Also affects: Debian Linux 10.0, 11.0, 9.0, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2022-07-28

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2022-07-13

▶

OSV

linux-aws vulnerabilities↗2022-07-13

▶

OSV

linux-lts-xenial, linux-kvm vulnerabilities↗2022-07-07

▶

OSV

linux, linux-aws vulnerabilities↗2022-07-01

▶

📋Vendor Advisories

Red Hat

kernel: kernfs: fix potential NULL dereference in __kernfs_remove↗2025-06-18

▶

CISA ICS

Siemens SCALANCE, RUGGEDCOM Third-Party↗2023-03-16

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-07-28

▶

Ubuntu

Linux kernel vulnerabilities↗2022-07-13

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2022-07-13

▶