CVE-2022-0742

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20220425-0001/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/03/15/3	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc6::::::

Configuration 2 (hide)

AND

cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

History

22 Jun 2022, 15:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:linux:linux_kernel::::::::	cpe:2.3:o:linux:linux_kernel::::::::

13 May 2022, 11:59

Type	Values Removed	Values Added
First Time		Netapp aff 8300 Netapp a400 Netapp h300e Firmware Netapp h410s Firmware Netapp h410c Firmware Netapp Netapp h500s Firmware Netapp h700s Netapp aff 8700 Firmware Netapp h500e Firmware Netapp fas 8700 Firmware Netapp fas 8300 Firmware Netapp aff 8700 Netapp fas 8300 Netapp h700e Netapp h300e Netapp fas 8700 Netapp h700e Firmware Netapp aff 8300 Firmware Netapp a400 Firmware Netapp h300s Firmware Netapp h410c Netapp h700s Firmware Netapp h500s Netapp h500e Netapp h300s Netapp h410s
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220425-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220425-0001/ - Third Party Advisory
CPE		cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:o:netapp:a400_firmware:-:::::::* cpe:2.3:o:netapp:fas_8700_firmware:-:::::::* cpe:2.3:o:netapp:fas_8300_firmware:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:aff_8700:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:aff_8300_firmware:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:h:netapp:a400:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:aff_8700_firmware:-:::::::* cpe:2.3:h:netapp:aff_8300:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:fas_8700:-:::::::* cpe:2.3:h:netapp:fas_8300:-:::::::*

25 Apr 2022, 21:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220425-0001/ -

25 Mar 2022, 19:02

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.8 v3 : 7.5
CWE		CWE-401
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:a:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.17:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc5:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc6:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc4::::::
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc - Patch, Vendor Advisory
References	~~(MISC) https://www.openwall.com/lists/oss-security/2022/03/15/3 -~~	(MISC) https://www.openwall.com/lists/oss-security/2022/03/15/3 - Mailing List, Third Party Advisory

18 Mar 2022, 12:56

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-18 12:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-0742

Mitre link : CVE-2022-0742

CVE.ORG link : CVE-2022-0742

JSON object : View

Products Affected

linux

linux_kernel

netapp

h700s
h300e_firmware
h500e_firmware
fas_8300_firmware
h300s_firmware
h500s_firmware
fas_8700_firmware
h410s_firmware
h500e
a400_firmware
h410c_firmware
h410s
h500s
h300s
h300e
fas_8700
aff_8300
aff_8700_firmware
h700e
aff_8700
h700e_firmware
fas_8300
aff_8300_firmware
h410c
a400
h700s_firmware

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

CWE-275

Permission Issues

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2022-0742

7.5^/10

7.8^/10

Attach tags to `CVE-2022-0742`