CVE-2022-3169: Improper Input Validation in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 96.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 9
Latest update: Jun 15

Description

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Debian linux/linux_kernel < 5.10.158-1+3
Ubuntu linux/linux_kernel < 5.4.0-144.161+1
debian debian/linux < linux 6.0.10-1 (bookworm)

Also affects: Debian Linux 10.0, Fedora 36

🔴 Vulnerability Details (14)

OSV: linux-bluefield vulnerabilities (2023-04-05)
OSV: linux-intel-iotg vulnerabilities (2023-03-16)
OSV: linux-ibm, linux-ibm-5.4 vulnerabilities (2023-03-14)
OSV: linux-kvm vulnerabilities (2023-03-09)
OSV: linux-raspi-5.4 vulnerabilities (2023-03-09)

📋 Vendor Advisories (17)

CISA ICS: Siemens SIMATIC S7-1500 TM MFP Linux Kernel (2023-06-15)
Ubuntu: Linux kernel (BlueField) vulnerabilities (2023-04-05)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2023-03-16)
Ubuntu: Linux kernel (KVM) vulnerabilities (2023-03-14)
Ubuntu: Linux kernel (IBM) vulnerabilities (2023-03-14)