Vulnerability Details : CVE-2022-0742

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

Vulnerability category: Denial of service

Published 2022-03-18 12:15:08

Updated 2023-01-20 14:22:51

Source Google Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-0742

Probability of exploitation activity in the next 30 days: 0.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-0742

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-0742

CWE-275

Assigned by: [email protected] (Secondary)
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Assigned by: [email protected] (Primary)

References for CVE-2022-0742

https://security.netapp.com/advisory/ntap-20220425-0001/

Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc

Patch;Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/03/15/3

Mailing List;Third Party Advisory

Products affected by CVE-2022-0742

Linux » Linux Kernel
Versions from including (>=) 5.13 and before (<) 5.15.27
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 5.16.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.17 Update RC1
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.17 Update RC2
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.17 Update RC3
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.17 Update RC4
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.17 Update RC5
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.17 Update RC6
cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*
Matching versions
Netapp » H410c Firmware » Version: N/A
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410c » Version: N/A
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H300e Firmware » Version: N/A
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300e » Version: N/A
Netapp » H500e Firmware » Version: N/A
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500e » Version: N/A
Netapp » H700e Firmware » Version: N/A
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700e » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » Aff 8300 Firmware » Version: N/A
cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff 8300 » Version: N/A
Netapp » Aff 8700 Firmware » Version: N/A
cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff 8700 » Version: N/A
Netapp » Fas 8300 Firmware » Version: N/A
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas 8300 » Version: N/A
Netapp » Fas 8700 Firmware » Version: N/A
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas 8700 » Version: N/A
Netapp » A400 Firmware » Version: N/A
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A400 » Version: N/A