CVE-2022-0322

MEDIUM

Linux Kernel - DoS

Title source: llm

Description

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2042822

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-681 CWE-704

Status published

Products (6)

fedoraproject/fedora 35

linux/linux_kernel 5.15 (6 CPE variants)

linux/linux_kernel < 5.15

oracle/communications_cloud_native_core_binding_support_function 22.1.3

oracle/communications_cloud_native_core_network_exposure_function 22.1.1

oracle/communications_cloud_native_core_policy 22.2.0

Published Mar 25, 2022

Tracked Since Feb 18, 2026