CVE-2022-3707

EPSS 0.02%
Published 06.03.2023 23:15:10
Last modified 07.03.2025 16:15:35
Source secalert@redhat.com
Teams watchlist Login
Open Login

A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

Affected products Warnungen 0 Metrics 3 CWE 2 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1

Linux ≫ Linux Kernel Version6.1 Update-

Linux ≫ Linux Kernel Version6.1 Updaterc1

Linux ≫ Linux Kernel Version6.1 Updaterc2

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

https://bugzilla.redhat.com/show_bug.cgi?id=2137979

Patch

Issue Tracking

https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com/

https://nvd.nist.gov/vuln/detail/CVE-2022-3707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3707

EUVD