CVE-2022-3108Unchecked Return Value in Kernel

CWE-252Unchecked Return ValueCWE-476NULL Pointer Dereference16 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxPaloalto Pan-os+2 more
Timeline
PublishedDec 14
Latest updateFeb 14

Description

An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDlinux/linux_kernel< 5.16.0+1
Debianlinux/linux_kernel< 5.16.7-1+2
Ubuntulinux/linux_kernel< 5.4.0-147.164
CVEListV5linux/linux_kernelLinux 5.17-rc6
debiandebian/linux< linux 5.16.7-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

6
OSV
linux-iot vulnerabilities2023-07-27
OSV
linux-xilinx-zynqmp vulnerabilities2023-07-12
OSV
linux-bluefield vulnerabilities2023-05-22
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, lin2023-04-19
GHSA
GHSA-p3w8-hj2c-x6cm: An issue was discovered in the Linux kernel through 52022-12-14

📋Vendor Advisories

8
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (IoT) vulnerabilities2023-07-27
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2023-07-12
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-05-22
Ubuntu
Linux kernel vulnerabilities2023-04-19

💬Community

1
Bugzilla
CVE-2022-3108 kernel: drm/amdkfd: NULL pointer dereference in kfd_parse_subtype_iolink()2022-12-13