CVE-2022-49141

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: fix possible NULL pointer dereference As the possible failure of the allocation, kzalloc() may return NULL pointer. Therefore, it should be better to check the 'sgi' in order to prevent the dereference of NULL pointer.

References

Link	Resource
https://git.kernel.org/stable/c/866b7a278cdb51eb158cd8513bc7438fc857804a	Patch
https://git.kernel.org/stable/c/b7ff8b5e75d4e91ec8c62d621aac8dfb84c57aa9	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

13 Mar 2025, 21:30

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: felix: se corrige la posible desreferencia de puntero NULL. Como es posible que falle la asignación, kzalloc() puede devolver un puntero NULL. Por lo tanto, es mejor comprobar el 'sgi' para evitar la desreferencia de puntero NULL.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/866b7a278cdb51eb158cd8513bc7438fc857804a -~~	() https://git.kernel.org/stable/c/866b7a278cdb51eb158cd8513bc7438fc857804a - Patch
References	~~() https://git.kernel.org/stable/c/b7ff8b5e75d4e91ec8c62d621aac8dfb84c57aa9 -~~	() https://git.kernel.org/stable/c/b7ff8b5e75d4e91ec8c62d621aac8dfb84c57aa9 - Patch
CWE		CWE-476
First Time		Linux Linux linux Kernel

26 Feb 2025, 07:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:00

Updated : 2025-10-01 20:15

NVD link : CVE-2022-49141

Mitre link : CVE-2022-49141

CVE.ORG link : CVE-2022-49141

JSON object : View

Products Affected

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2022-49141", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:51.327", "references": [{"url": "https://git.kernel.org/stable/c/866b7a278cdb51eb158cd8513bc7438fc857804a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b7ff8b5e75d4e91ec8c62d621aac8dfb84c57aa9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: fix possible NULL pointer dereference\n\nAs the possible failure of the allocation, kzalloc() may return NULL\npointer.\nTherefore, it should be better to check the 'sgi' in order to prevent\nthe dereference of NULL pointer."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: felix: se corrige la posible desreferencia de puntero NULL. Como es posible que falle la asignaci\u00f3n, kzalloc() puede devolver un puntero NULL. Por lo tanto, es mejor comprobar el 'sgi' para evitar la desreferencia de puntero NULL."}], "lastModified": "2025-10-01T20:15:51.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762", "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}