CVE-2022-3707

EPSS 0.02%
Veröffentlicht 06.03.2023 23:15:10
Zuletzt bearbeitet 07.03.2025 16:15:35
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1

Linux ≫ Linux Kernel Version6.1 Update-

Linux ≫ Linux Kernel Version6.1 Updaterc1

Linux ≫ Linux Kernel Version6.1 Updaterc2

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

https://bugzilla.redhat.com/show_bug.cgi?id=2137979

Patch

Issue Tracking

https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com/

https://nvd.nist.gov/vuln/detail/CVE-2022-3707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3707

EUVD