CVE-2022-1012

HIGH

Linux Kernel < 5.18 - Memory Leak

Title source: rule

Description

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

Exploits (1)

nomisec

by nanopathi · poc

https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012

View on nomisec

References (3)

[Mailing List] https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2064604

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20221020-0006/

Scores

CVSS v3 8.2

EPSS 0.0028

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (7)

linux/linux_kernel < 5.18

linux/linux_kernel

Timeline

Published Aug 05, 2022

Tracked Since Feb 18, 2026