CVE-2022-0854

CVSS v3.1 5.5 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 22

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-401: Missing Release of Memory after Effective Lifetime

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2022-03-23 20:15:10
(2 years ago)
Updated Date: 2022-10-14 12:53:58
(23 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel 5.16 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 5.16
Linux Kernel 5.17	cpe:2.3:o:linux:linux_kernel:5.17:-
Linux Kernel 5.17 Rc1	cpe:2.3:o:linux:linux_kernel:5.17:rc1
Linux Kernel 5.17 Rc2	cpe:2.3:o:linux:linux_kernel:5.17:rc2
Linux Kernel 5.17 Rc3	cpe:2.3:o:linux:linux_kernel:5.17:rc3
Linux Kernel 5.17 Rc4	cpe:2.3:o:linux:linux_kernel:5.17:rc4
Linux Kernel 5.17 Rc5	cpe:2.3:o:linux:linux_kernel:5.17:rc5
Linux Kernel 5.17 Rc6	cpe:2.3:o:linux:linux_kernel:5.17:rc6
Linux Kernel 5.17 Rc7	cpe:2.3:o:linux:linux_kernel:5.17:rc7

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0