CVE-2022-0742

high-risk

Published 2022-03-18

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

Do I need to act?

2.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Linux Kernel

A400 Firmware

Aff 8300 Firmware

Aff 8700 Firmware

Fas 8300 Firmware

Fas 8700 Firmware

H300E Firmware

H300S Firmware

H410C Firmware

H410S Firmware

H500E Firmware

H500S Firmware

H700E Firmware

H700S Firmware

Affected Vendors

Linux Netapp

References (6)

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220425-0001/

Mailing List https://www.openwall.com/lists/oss-security/2022/03/15/3

Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220425-0001/

Mailing List https://www.openwall.com/lists/oss-security/2022/03/15/3

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 5/34 · Minimal

Exposure 20/34 · Moderate