Vulnerability Description
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.18 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2064604Issue TrackingThird Party Advisory
- https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/
- https://security.netapp.com/advisory/ntap-20221020-0006/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2064604Issue TrackingThird Party Advisory
- https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/
- https://security.netapp.com/advisory/ntap-20221020-0006/Third Party Advisory
FAQ
What is CVE-2022-1012?
CVE-2022-1012 is a vulnerability with a CVSS score of 8.2 (HIGH). A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a d...
How severe is CVE-2022-1012?
CVE-2022-1012 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1012?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.