Vulnerabilities > CVE-2022-3107 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
Vulnerable Configurations
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2153060
- https://bugzilla.redhat.com/show_bug.cgi?id=2153060
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=886e44c9298a6b428ae046e2fa092ca52e822e6a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=886e44c9298a6b428ae046e2fa092ca52e822e6a