CVE-2022-41858Use After Free in Kernel

CWE-416Use After FreeCWE-476NULL Pointer Dereference11 documents8 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 97.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelNetapp HCI Baseboard Management Controller
Timeline
PublishedJan 17
Latest updateMar 6

Description

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

NVDlinux/linux_kernel4.104.14.276+6
Debianlinux/linux_kernel< 5.10.113-1+3
CVEListV5linux/linux_kernelunknown

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2023-03-06
OSV
linux-aws vulnerabilities2023-02-23
CVEList
CVE-2022-41858: A flaw was found in the Linux kernel2023-01-17
OSV
CVE-2022-41858: A flaw was found in the Linux kernel2023-01-17
GHSA
GHSA-5r4m-496r-7wqm: A flaw was found in the Linux kernel2023-01-17

📋Vendor Advisories

5
Ubuntu
Linux kernel vulnerabilities2023-03-06
Ubuntu
Linux kernel (AWS) vulnerabilities2023-02-23
Microsoft
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker 2023-01-10
Red Hat
kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip2022-04-05
Debian
CVE-2022-41858: linux - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while...2022
CVE-2022-41858 — Use After Free in Linux Kernel | cvebase