CVE - CVE-2022-0617

CVE-ID
CVE-2022-0617	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
DEBIAN:DSA-5095 URL:https://www.debian.org/security/2022/dsa-5095 DEBIAN:DSA-5096 URL:https://www.debian.org/security/2022/dsa-5096 MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f MISC:https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/ URL:https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/ MLIST:[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html MLIST:[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update URL:https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html MLIST:[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode URL:http://www.openwall.com/lists/oss-security/2022/04/13/2
Assigning CNA
Red Hat, Inc.
Date Record Created
20220215	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220215)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)