CVE-2022-1012

EPSS 0.44%
Veröffentlicht 05.08.2022 16:15:11
Zuletzt bearbeitet 21.11.2024 06:39:51
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 7 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.18

Linux ≫ Linux Kernel Version5.18 Update-

Linux ≫ Linux Kernel Version5.18 Updaterc1

Linux ≫ Linux Kernel Version5.18 Updaterc2

Linux ≫ Linux Kernel Version5.18 Updaterc3

Linux ≫ Linux Kernel Version5.18 Updaterc4

Linux ≫ Linux Kernel Version5.18 Updaterc5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.634

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://bugzilla.redhat.com/show_bug.cgi?id=2064604

Third Party Advisory

Issue Tracking

https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/

https://security.netapp.com/advisory/ntap-20221020-0006/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1012

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1012