| Vulnerability Name: | CVE-2022-40476 (CCN-236147) | ||||||||||||||||||||
| Assigned: | 2022-08-21 | ||||||||||||||||||||
| Published: | 2022-08-21 | ||||||||||||||||||||
| Updated: | 2022-09-17 | ||||||||||||||||||||
| Summary: | A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. | ||||||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-40476 Source: XF Type: UNKNOWN linux-kernel-cve202240476-dos(236147) Source: CCN Type: Linux Kernel GIT Repository io_uring: use original request task for inflight tracking Source: MISC Type: Patch, Vendor Advisory https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd Source: MISC Type: Vendor Advisory https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/ Source: MISC Type: Release Notes, Vendor Advisory https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||