CVE-2022-3202

Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 14 Sept 2022, 00:00
Last modified:03 Aug 2024, 01:00

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
v3.1 (nvd)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Sept 2022, 00:00
Published
Vulnerability first disclosed
03 Aug 2024, 01:00
Last Modified
Vulnerability information updated

Description

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.03% Percentile: 8%

Techniques & Countermeasures

  • CWE-476NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • linuxlinux_kernel

    < 4.9.311 | ≥ 4.10, < 4.14.276 | ≥ 4.15, < 4.19.238 | ≥ 4.20, < 5.4.189 | ≥ 5.5.0, < 5.10.111 | ≥ 5.11, < 5.15.34 | ≥ 5.16, < 5.16.20 | ≥ 5.17, < 5.17.3

  • netapph300s_firmware

    na

  • netapph410c_firmware

    na

  • netapph410s_firmware

    na

  • netapph500s_firmware

    na

  • netapph700s_firmware

    na

References (2)