CVE-2022-3606

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.5 LOW
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
linuxlinux_kernel
𝑥
< 6.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libbpf
bullseye
no-dsa
bookworm
1.1.0-1
fixed
sid
1.4.6-1
fixed
trixie
1.4.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dwarves-dfsg
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
focal
Fixed 1.21-0ubuntu1~20.04.1
released
bionic
Fixed 1.21-0ubuntu1~18.04.1+esm1
released
xenial
needs-triage
trusty
ignored
libbpf
noble
Fixed 1.0.1-2ubuntu1
released
mantic
Fixed 1.0.1-2ubuntu1
released
lunar
Fixed 1.0.1-2ubuntu1
released
kinetic
Fixed 0.8.0-1ubuntu22.10.1
released
jammy
Fixed 0.5.0-1ubuntu22.04.1
released
focal
Fixed 0.5.0-1~ubuntu20.04.1+esm1
released
bionic
dne
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d382f95a9270dcf803539d6781d6bd67e3f5b2
https://vuldb.com/?id.211749
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d382f95a9270dcf803539d6781d6bd67e3f5b2
https://vuldb.com/?id.211749