#VU61210 NULL pointer dereference in Linux kernel


Published: 2022-03-09

Vulnerability identifier: #VU61210

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0617

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f
http://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in OpenShift Logging 5.5
Multiple vulnerabilities in Openshift Logging 5.3
Red Hat Enterprise Linux 9 update for kernel
Red Hat Enterprise Linux 9 update for kernel-rt
Red Hat Enterprise Linux 8 update for kernel-rt
Red Hat Enterprise Linux 8 update for kernel
Multiple vulnerabilities in DELL Secure Connect Gateway Security
Ubuntu update for linux
Ubuntu update for linux
Ubuntu update for linux