7.8
CVE-2022-4744
- EPSS 0.09%
- Veröffentlicht 30.03.2023 21:15:06
- Zuletzt bearbeitet 14.02.2025 16:15:32
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginA double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.136
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.251 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
CWE-460 Improper Cleanup on Thrown Exception
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.