CVE-2022-0617

NameCVE-2022-0617
DescriptionA flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2940-1, DLA-2941-1, DSA-5095-1, DSA-5096-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye (security), bullseye5.10.223-1fixed
bookworm6.1.106-3fixed
bookworm (security)6.1.112-1fixed
trixie6.10.11-1fixed
sid6.10.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcestretch4.9.303-1DLA-2940-1
linuxsourcebuster4.19.232-1DSA-5096-1
linuxsourcebullseye5.10.103-1DSA-5095-1
linuxsource(unstable)5.16.7-1
linux-4.19sourcestretch4.19.232-1~deb9u1DLA-2941-1

Notes

https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f

Search for package or bug name: Reporting problems