Vulnerabilities > CVE-2022-3113 - NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-476

NVD

Published: 2022-12-14

Updated: 2022-12-16

Summary

An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 5.16.0	7

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e25a89f743b18c029bfbe5e1663ae0c7190912b0
https://bugzilla.redhat.com/show_bug.cgi?id=2153053