CVE-2022-1263

Advisory lineage Upstream: 0 Downstream: 12

Downstream

DEBIAN-CVE-2022-1263 MGASA-2022-0154 MGASA-2022-0155 RHSA-2022:7444 RHSA-2022:7683 RHSA-2022:7933

Modified

Published: 31 Aug 2022, 15:33

Last modified:02 Aug 2024, 23:55

Vulnerability Summary

Overall Risk (default)

medium

32/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

31 Aug 2022, 15:33

Published

Vulnerability first disclosed

02 Aug 2024, 23:55

Last Modified

Vulnerability information updated

Description

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.07%• Percentile: 21%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux_kernel
< 5.18 | 5.18:rc1 | 5.18:rc2
redhat•enterprise_linux
8.0 | 9.0