CVE-2022-41858

Advisory lineage Upstream: 0 Downstream: 33
Modified
Published: 17 Jan 2023, 00:00
Last modified:07 Apr 2025, 16:46

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
v3.1 (cve.org)
EPSS Score
0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

17 Jan 2023, 00:00
Published
Vulnerability first disclosed
07 Apr 2025, 16:46
Last Modified
Vulnerability information updated

Description

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 4%

Techniques & Countermeasures

  • CWE-416Use After Free

    The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

  • CWE-476NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • linuxlinux_kernel

    < 4.9.311 | ≥ 4.10, < 4.14.276 | ≥ 4.15, < 4.19.239 | ≥ 4.20, < 5.4.190 | ≥ 5.5.0, < 5.10.112 | ≥ 5.11, < 5.15.35 | ≥ 5.16, < 5.17.4

  • netapphci_baseboard_management_controller

    h300s | h410c | h410s | h500s | h700s

References (2)