CVE-2022-2153NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference21 documents10 sources
Severity
5.5MEDIUMNVD
OSV7.0
EPSS
0.0%
top 93.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxFedoraproject Fedora+2 more
Timeline
PublishedAug 31
Latest updateFeb 14

Description

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 5.18
Debianlinux/linux_kernel< 5.10.140-1+3
Ubuntulinux/linux_kernel< 4.15.0-197.208+1
CVEListV5linux/linux_kernelkernel 5.18
Palo Altopaloalto/pan-os

Also affects: Debian Linux 10.0, Enterprise Linux 6.0, 7.0, 8.0, 9.0, Fedora 36

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

9
OSV
linux-azure vulnerabilities2022-12-12
OSV
linux-gcp-5.4 vulnerabilities2022-11-29
OSV
linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities2022-11-18
OSV
linux-gcp, linux-gcp-4.15 vulnerabilities2022-11-18
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi vulnerabiliti2022-11-17

📋Vendor Advisories

11
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel2023-06-15
Ubuntu
Linux kernel (Azure) vulnerabilities2022-12-12
Ubuntu
Linux kernel (GCP) vulnerabilities2022-11-29
Ubuntu
Linux kernel vulnerabilities2022-11-18
CVE-2022-2153 — NULL Pointer Dereference in Kernel | cvebase