CVE-2022-3106 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference CWE-200 — Sensitive Information Exposure CWE-319 — Cleartext Transmission of Sensitive Info9 documents9 sources

Severity

5.5MEDIUMNVD

GHSA7.8

EPSS

0.1%

top 71.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Github.com Weaveworks Weave-gitops Debian Linux +3 more

Timeline

PublishedDec 14

Latest updateFeb 14

Description

An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDlinux/linux_kernel< 5.16.0+1

▶Debianlinux/linux_kernel< 5.10.92-1+3

▶CVEListV5linux/linux_kernelLinux 5.16-rc6

▶debiandebian/linux< linux 5.15.15-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.86.1-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

Gitops Run insecure communication↗2023-01-09

▶

OSV

CVE-2022-3106: An issue was discovered in the Linux kernel through 5↗2022-12-14

▶

GHSA

GHSA-3wm6-5f35-v4rp: An issue was discovered in the Linux kernel through 5↗2022-12-14

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

kernel: sfc_ef100: NULL pointer dereference in ef100_update_stats()↗2022-12-13

▶

Microsoft

An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().↗2022-12-13

▶

Debian

CVE-2022-3106: linux - An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats...↗2022

▶

💬Community

Bugzilla

CVE-2022-3106 kernel: sfc_ef100: NULL pointer dereference in ef100_update_stats()↗2022-12-13

▶