CVE-2022-3105 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference8 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Paloalto Pan-os +2 more

Timeline

PublishedDec 14

Latest updateFeb 14

Description

An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶NVDlinux/linux_kernel< 5.16.0+1

▶Debianlinux/linux_kernel< 5.10.92-1+3

▶CVEListV5linux/linux_kernelLinux 5.16-rc6

▶debiandebian/linux< linux 5.15.15-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.86.1-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-wgp6-2g3r-9p4m: An issue was discovered in the Linux kernel through 5↗2022-12-14

▶

OSV

CVE-2022-3105: An issue was discovered in the Linux kernel through 5↗2022-12-14

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

kernel: RDMA/uverbs: NULL pointer dereference in uapi_finalize()↗2022-12-13

▶

Microsoft

An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().↗2022-12-13

▶

Debian

CVE-2022-3105: linux - An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in d...↗2022

▶

💬Community

Bugzilla

CVE-2022-3105 kernel: RDMA/uverbs: NULL pointer dereference in uapi_finalize()↗2022-12-13

▶