CVE-2022-1012

Published: Aug 5, 2022Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Exploitability: 3.9 / Impact: 4.2

Source: NVD

Description

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

Affected (7)

Products: Linux: Linux Kernel

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.18
Linux Linux Kernel	Version 5.18
Linux Linux Kernel	Version 5.18 rc1
Linux Linux Kernel	Version 5.18 rc2
Linux Linux Kernel	Version 5.18 rc3
Linux Linux Kernel	Version 5.18 rc4
Linux Linux Kernel	Version 5.18 rc5

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=2064604

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20221020-0006/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2064604

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20221020-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.