CVE-2022-1671NULL Pointer Dereference in Kernel

CWE-476NULL Pointer DereferenceCWE-199 documents8 sources
Severity
7.1HIGHNVD
OSV4.4CISA7.8
EPSS
0.2%
top 61.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.67.1-4 ON CBL Mariner 2.0+5 more
Timeline
PublishedJul 26
Latest updateJul 27

Description

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages11 packages

NVDlinux/linux_kernel5.115.15.33+2
Debianlinux/linux_kernel< 5.17.3-1+2
Ubuntulinux/linux_kernel< 5.15.0-37.39
CVEListV5linux/linux_kernelLinux kernel version prior to kernel 5.18 rc1

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-vv47-5mh5-w3hq: A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key2022-07-27
OSV
CVE-2022-1671: A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key2022-07-26
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities2022-06-08

📋Vendor Advisories

5
Microsoft
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.2022-07-12
Ubuntu
Linux kernel vulnerabilities2022-06-08
CISA
Microsoft Windows Remote Code Execution Vulnerability2022-05-25
Red Hat
kernel: null-ptr-deref bugs in net/rxrpc/server_key.c in rxrpc_preparse_s2022-03-30
Debian
CVE-2022-1671: linux - A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/serve...2022