← Back

CVE-2022-0854

nvd nist
Published: Mar 23, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Affected (12)

Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
Up to 5.16
Linux Kernel
Version 5.17
Linux Kernel
Version 5.17 rc1
Linux Kernel
Version 5.17 rc2
Linux Kernel
Version 5.17 rc3
Linux Kernel
Version 5.17 rc4
Linux Kernel
Version 5.17 rc5
Linux Kernel
Version 5.17 rc6
Linux Kernel
Version 5.17 rc7
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Debian Linux
Version 9.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (8)

Source: secalert@redhat.com
ExploitMailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.