CVE-2022-3606

CWE-404CWE-476NULL Pointer Dereference14 documents8 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 95.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux Linux KernelLinux Kernel
Timeline
PublishedOct 19
Latest updateJul 11

Description

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages4 packages

CVEListV5linux/kerneln/a
Debianlibbpf< 0.3-2+deb11u1+3
Ubuntudwarves-dfsg< 1.21-0ubuntu1~20.04.1+1

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

6
OSV
dwarves-dfsg vulnerabilities2023-07-11
OSV
libbpf vulnerabilities2022-12-08
OSV
libbpf vulnerabilities2022-12-05
CVEList
Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference2022-10-19
GHSA
GHSA-4rj6-gcf8-wchc: A vulnerability was found in Linux Kernel2022-10-19

📋Vendor Advisories

6
Ubuntu
dwarves vulnerabilities2023-07-11
Ubuntu
LibBPF vulnerabilities2022-12-08
Ubuntu
LibBPF vulnerabilities2022-12-05
Microsoft
Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference2022-10-11
Red Hat
kernel: libbpf: NULL pointer dereference in find_prog_by_sec_insn2022-10-08
CVE-2022-3606 (MEDIUM CVSS 5.5) | A vulnerability was found in Linux | cvebase.io