5.5

CVE-2022-3108

An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.16.0
LinuxLinux Kernel Version5.16.0 Update-
LinuxLinux Kernel Version5.16.0 Updaterc1
LinuxLinux Kernel Version5.16.0 Updaterc2
LinuxLinux Kernel Version5.16.0 Updaterc3
LinuxLinux Kernel Version5.16.0 Updaterc4
LinuxLinux Kernel Version5.16.0 Updaterc5
LinuxLinux Kernel Version5.16.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://bugzilla.redhat.com/show_bug.cgi?id=2153052
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=abfaf0eee97925905e742aa3b0b72e04a918fa9e
Patch
Vendor Advisory