CVE-2022-40476

medium

Description

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

References

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd

https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62

https://lore.kernel.org/lkml/[email protected]om/

Details

Source: MITRE

Published: 2022-09-14

Updated: 2022-09-17

Type: CWE-476

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM