CVE-2022-1012

HIGH

Linux Kernel < 5.18 - Memory Leak

Title source: rule

Description

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

References (3)

Core 3

Core References

Mailing List

https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/

Issue Tracking, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2064604

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221020-0006/

Scores

CVSS v3 8.2

EPSS 0.0038

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Details

CWE

CWE-401

Status published

Products (2)

linux/linux_kernel 5.18 (6 CPE variants)

linux/linux_kernel < 5.18

Published Aug 05, 2022

Tracked Since Feb 18, 2026