CVE-2022-4744

low-risk
Published 2023-03-30

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (8)

Third Party Advisory http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Secur...
Vendor Advisory https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b51...
Mailing List https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20230526-0009/
Third Party Advisory http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Secur...
Vendor Advisory https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b51...
Mailing List https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20230526-0009/
29
/ 100
low-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal