#VU94464 Use of uninitialized resource in Linux kernel - CVE-2022-48855

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_diag_msg_sctpasoc_fill() and inet_sctp_diag_fill() functions in net/sctp/sctp_diag.c. A local user can perform a denial of service (DoS) attack.

Remediation

External links

• https://git.kernel.org/stable/c/3fc0fd724d199e061432b66a8d85b7d48fe485f7
• https://git.kernel.org/stable/c/41a2864cf719c17294f417726edd411643462ab8
• https://git.kernel.org/stable/c/2d8fa3fdf4542a2174a72d92018f488d65d848c5
• https://git.kernel.org/stable/c/bbf59d7ae558940cfa2b36a287fd1e88d83f89f8
• https://git.kernel.org/stable/c/b7e4d9ba2ddb78801488b4c623875b81fb46b545
• https://git.kernel.org/stable/c/1502f15b9f29c41883a6139f2923523873282a83
• https://git.kernel.org/stable/c/d828b0fe6631f3ae8709ac9a10c77c5836c76a08
• https://git.kernel.org/stable/c/633593a808980f82d251d0ca89730d8bb8b0220c
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.272
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.307
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.185