CVE-2022-0322

CVSS v3.1 5.5 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (10^th)

Affected Products 5

Advisories 21

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

Weaknesses

CWE-681: Incorrect Conversion between Numeric Types
CWE-704: Incorrect Type Conversion or Cast

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2022-03-25 19:15:09
(2 years ago)
Updated Date: 2023-02-02 17:17:42
(19 months ago)

Affected Products

Fedoraproject

Fedora

Linux

Linux Kernel

Oracle

Configuration #1

	CPE23	Up To
Linux Kernel prior 5.15 version	cpe:2.3:o:linux:linux_kernel	< 5.15
Linux Kernel 5.15	cpe:2.3:o:linux:linux_kernel:5.15:-
Linux Kernel 5.15 Rc1	cpe:2.3:o:linux:linux_kernel:5.15:rc1
Linux Kernel 5.15 Rc2	cpe:2.3:o:linux:linux_kernel:5.15:rc2
Linux Kernel 5.15 Rc3	cpe:2.3:o:linux:linux_kernel:5.15:rc3
Linux Kernel 5.15 Rc4	cpe:2.3:o:linux:linux_kernel:5.15:rc4
Linux Kernel 5.15 Rc5	cpe:2.3:o:linux:linux_kernel:5.15:rc5

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35

Configuration #3

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Binding Support Function 22.1.3	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
	Oracle Communications Cloud Native Core Network Exposure Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
	Oracle Communications Cloud Native Core Policy 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0