CVE-2022-1652

Name
CVE-2022-1652
Description
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://francozappa.github.io/about-bias/
MISC https://kb.cert.org/vuls/id/647177/
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1832397
Third Party Advisory https://www.debian.org/security/2022/dsa-5173
Third Party Advisory https://security.netapp.com/advisory/ntap-20220722-0002/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.17.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 2.6.12 < 4.9.316
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.10 < 4.14.281
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.15 < 4.19.245
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.20 < 5.4.196
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.5 < 5.10.118
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.11 < 5.15.42
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.16 < 5.17.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status