7.8

CVE-2022-23222

Exploit
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.8.0 < 5.15.37
LinuxLinux Kernel Version >= 5.16 < 5.16.11
DebianDebian Linux Version11.0
NetappH410c Firmware Version-
   NetappH410c Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
FedoraprojectFedora Version34
FedoraprojectFedora Version35
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.11% 0.782
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.openwall.com/lists/oss-security/2022/01/18/2
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2022/06/01/1
Patch
Third Party Advisory
Mailing List