5.5

CVE-2022-0617

Exploit
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.2.1 < 5.17
LinuxLinux Kernel Version4.2 Updaterc1
LinuxLinux Kernel Version4.2 Updaterc2
LinuxLinux Kernel Version4.2 Updaterc3
LinuxLinux Kernel Version4.2 Updaterc4
LinuxLinux Kernel Version4.2 Updaterc5
LinuxLinux Kernel Version4.2 Updaterc6
LinuxLinux Kernel Version4.2 Updaterc7
LinuxLinux Kernel Version4.2 Updaterc8
LinuxLinux Kernel Version4.2.0
LinuxLinux Kernel Version5.17 Update-
LinuxLinux Kernel Version5.17 Updaterc1
LinuxLinux Kernel Version5.17 Updaterc2
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.39
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://www.debian.org/security/2022/dsa-5095
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/13/2
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee
Patch
Vendor Advisory
Exploit
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f
Patch
Vendor Advisory
https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr%40quack3.lan/T/