Vulnerabilities > CVE-2022-4128 - NULL Pointer Dereference vulnerability in Linux Mptcp Protocol

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-476

NVD

Published: 2022-11-28

Updated: 2023-11-07

Summary

A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Mptcp Protocol *	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/torvalds/linux/commit/5c835bb142d4
https://lore.kernel.org/netdev/20220708233610.410786-2-mathew.j.martineau%40linux.intel.com/