CVE-2022-3303

Опубликовано: 04 сент. 2022

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-667->CWE-362->CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2129859kernel: race condition in snd_pcm_oss_sync leads to NULL pointer dereference

EPSS

Процентиль: 5%

0.00023

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-3303

CVSS3: 4.7

ubuntu

больше 2 лет назад

CVE-2022-3303

CVSS3: 4.7

nvd

больше 2 лет назад

CVE-2022-3303

CVSS3: 4.7

msrc

больше 2 лет назад

Описание отсутствует

CVE-2022-3303

CVSS3: 4.7

debian

больше 2 лет назад

A race condition flaw was found in the Linux kernel sound subsystem du ...

GHSA-833h-m63r-586v

CVSS3: 4.7

github

больше 2 лет назад

EPSS

Процентиль: 5%

0.00023

Низкий

4.7 Medium

CVSS3