Vulnerabilities > CVE-2022-3106 - NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-476

NVD

Published: 2022-12-14

Updated: 2022-12-16

Summary

An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 5.16.0	7

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://bugzilla.redhat.com/show_bug.cgi?id=2153066
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=407ecd1bd726f240123f704620d46e285ff30dd9