CVE-2022-33981

Description

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

Related CPE's

olinuxlinux_kernel********

References

https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf

PatchThird Party Advisory

https://seclists.org/oss-sec/2022/q2/66

ExploitMailing ListPatchThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/225362

Third Party AdvisoryVDB Entry

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6

Release NotesVendor Advisory

[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

2.0999999046325684

VectorString

AV:L/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io