#VU61210 NULL pointer dereference


Published: 2022-03-09

Vulnerability identifier: #VU61210

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0617

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions


External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f
http://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability