CVE-2022-1516 - A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network pro

CVE-2022-1516

Summary

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.

References

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7781607938c8
http://www.openwall.com/lists/oss-security/2022/06/19/1
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
https://www.debian.org/security/2022/dsa-5173

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 27-06-2023 - 16:21)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

Last major update

27-06-2023 - 16:21

Published

05-05-2022 - 15:15

Last modified

27-06-2023 - 16:21