5.5
CVE-2022-48770
- EPSS 0.22%
- Veröffentlicht 20.06.2024 12:15:14
- Zuletzt bearbeitet 06.01.2025 21:43:45
- CVE-Watchlists
- Unerledigt
bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kernel oops. Guard against this by checking return value of task_pt_regs() before trying to obtain the call chain.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.9 < 5.10.96
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.19
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.5
Linux ≫ Linux Kernel Version5.17 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/0bcd484587b3b3092e448d27dc369e347e1810c3
https://git.kernel.org/stable/c/b82ef4985a6d05e80f604624332430351df7b79a
https://git.kernel.org/stable/c/b992f01e66150fc5e90be4a96f5eb8e634c8249e
https://git.kernel.org/stable/c/ff6bdc205fd0a83bd365405d4e31fb5905826996