PT-2022-7364 · Linux+2 · Linux Kernel+2

Published

2022-03-07

·

Updated

2023-08-14

·

CVE-2022-3078

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.16-rc6
Description An issue was discovered in the Linux kernel, related to a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv s302m.c. This issue is associated with the vidtv s302m encoder init() function in the Vidtv driver module. Exploitation of this issue may allow an attacker to cause a denial of service.
Recommendations For Linux kernel versions through 5.16-rc6, consider disabling the vidtv s302m encoder init() function as a temporary workaround until a patch is available. Restrict access to the drivers/media/test-drivers/vidtv/ module to minimize the risk of exploitation. Avoid using the vzalloc() function in the affected vidtv s302m.c file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2022-2050
ALT-PU-2022-2131
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-10823
BDU:2024-04167
CVE-2022-3078
OESA-2022-1942
OPENSUSE-SU-2022_3288-1
OPENSUSE-SU-2022_3293-1
OPENSUSE-SU-2022_4617-1
SUSE-SU-2022:3288-1
SUSE-SU-2022:3293-1
SUSE-SU-2022:4617-1

Affected Products

Alt Linux
Linux Kernel
Suse