CVE-2022-1280

low-risk

Published 2022-04-13

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

LOCAL / HIGH complexity

Affected Products (2)

Linux Kernel

Enterprise Linux

Affected Vendors

Redhat Linux

References (4)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2071022

Mailing List https://www.openwall.com/lists/oss-security/2022/04/12/3

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2071022

Mailing List https://www.openwall.com/lists/oss-security/2022/04/12/3

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low