Lucene search

Ubuntu.comUB:CVE-2022-0433

HistoryMar 10, 2022 - 12:00 a.m.

CVE-2022-0433

2022-03-1000:00:00

ubuntu.com

linux kernel

bpf subsystem

null pointer dereference

map_get_next_key function

bloom filter

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

A NULL pointer dereference flaw was found in the Linux kernel’s BPF
subsystem in the way a user triggers the map_get_next_key function of the
BPF bloom filter. This flaw allows a local user to crash the system. This
flaw affects Linux kernel versions prior to 5.17-rc1.

Notes

Author	Note
sbeattie	both introduced and fixed in the 5.16 kernel devel cycle

References

bugzilla.redhat.com/show_bug.cgi?id=2048259

launchpad.net/bugs/cve/CVE-2022-0433

nvd.nist.gov/vuln/detail/CVE-2022-0433

security-tracker.debian.org/tracker/CVE-2022-0433

www.cve.org/CVERecord?id=CVE-2022-0433

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2022-0433