CVE Vulnerability

CVE-2022-40476

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd Patch Vendor Advisory
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62 Release Notes Vendor Advisory
https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Information

Published : 2022-09-14 09:15

Updated : 2022-09-17 01:57

NVD link : CVE-2022-40476

Mitre link : CVE-2022-40476

Products Affected
No products.
CWE
CWE-476