Skip to content

kernel CVE-2022-47929

Moderate
rpkelly published GHSA-4gr8-53jw-hp89 Mar 21, 2023

Package

kernel-5.10 (bottlerocket)

Affected versions

< 1.13.0

Patched versions

1.13.0
kernel-5.15 (bottlerocket)
< 1.13.0
1.13.0

Description

A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc_workqueue function return is not validated in time of failure, resulting in a system crash or leaked internal kernel information.

Severity

Moderate

CVE ID

CVE-2022-47929

Weaknesses

No CWEs