CVE-2022-1652

Name
CVE-2022-1652
Description
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://francozappa.github.io/about-bias/
MISC https://kb.cert.org/vuls/id/647177/
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1832397
Third Party Advisory https://www.debian.org/security/2022/dsa-5173
Third Party Advisory https://security.netapp.com/advisory/ntap-20220722-0002/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.17.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status