CVE-2022-4378 — Incorrect Calculation of Buffer Size in Linux

CWE-131 — Incorrect Calculation of Buffer Size CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow CWE-201 — Sensitive Info Insertion into Sent Data35 documents11 sources

Severity

7.8HIGHNVD

OSV8.8OSV6.7OSV6.5OSV5.5OSV4.3OSV2.5

EPSS

0.0%

top 91.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Paloalto Pan-os +4 more

Timeline

PublishedJan 5

Latest updateApr 15

Description

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶Debianlinux/linux_kernel< 5.10.158-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-206.217+5

▶NVDlinux/linux_kernel4.9.0 — 4.9.337+6

▶CVEListV5linux/linux_kernelkernel 6.0.12

▶msrcmsrc/cm1_kernel_5.10.164.1-1_on_cbl_mariner_1.0

🔴Vulnerability Details

OSV

Kernel Live Patch Security Notice↗2023-03-07

▶

OSV

linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-oracle vulnerabilities↗2023-03-03

▶

OSV

linux-aws-hwe, linux-oracle vulnerabilities↗2023-03-03

▶

OSV

linux-hwe vulnerabilities↗2023-02-22

▶

OSV

linux-hwe-5.19 vulnerabilities↗2023-02-16

▶

📋Vendor Advisories

CISA ICS

ABB M2M Gateway↗2025-04-15

▶

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

GitLab

CVE-2023-4378: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, a↗2023-09-01

▶

CISA ICS

Siemens SIMATIC S7-1500 TM MFP BIOS↗2023-06-15

▶

Ubuntu

Kernel Live Patch Security Notice↗2023-03-07

▶