CVE-2022-1012

high

Description

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2064604

https://lore.kernel.org/lkml/[email protected]/T/

https://security.netapp.com/advisory/ntap-20221020-0006/

Details

Source: MITRE

Published: 2022-08-05

Updated: 2022-10-28

Type: CWE-401

CVSS v3

Base Score: 8.2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Impact Score: 4.2

Exploitability Score: 3.9

Severity: HIGH