5.5

CVE-2022-1263

Exploit
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.18
LinuxLinux Kernel Version5.18 Updaterc1
LinuxLinux Kernel Version5.18 Updaterc2
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.334
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/security/cve/CVE-2022-1263
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2072698
Patch
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/04/07/1
Third Party Advisory
Exploit
Mailing List