CVE-2022-3707 — Improper Cleanup on Thrown Exception in Kernel

CWE-460 — Improper Cleanup on Thrown Exception CWE-415 — Double Free36 documents9 sources

Severity

5.5MEDIUMNVD

OSV4.7

EPSS

0.0%

top 97.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Paloalto Pan-os

Timeline

PublishedMar 6

Latest updateFeb 14

Description

A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel< 6.1+1

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-149.166+1

▶CVEListV5linux/linux_kernelLinux kernel 6.1-rc3

▶Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2023-07-27

▶

OSV

linux-xilinx-zynqmp vulnerabilities↗2023-07-12

▶

OSV

linux-intel-iotg vulnerabilities↗2023-06-01

▶

OSV

linux-aws-5.4, linux-bluefield vulnerabilities↗2023-06-01

▶

OSV

linux-intel-iotg-5.15 vulnerabilities↗2023-06-01

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel (IoT) vulnerabilities↗2023-07-27

▶

Ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities↗2023-07-12

▶

Ubuntu

Linux kernel vulnerabilities↗2023-06-01

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2023-06-01

▶