CVE-2022-2938
HIGH
Linux Kernel >=5.2 <5.4.177 - Use-After-Free in Pressure Stall Information
Title source: llm
Description
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
References (2)
Core References
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221223-0002/
Scores
CVSS v3: 7.8
EPSS: 0.0003
EPSS Percentile: 8.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-416
Status: published
Products (8)
fedoraproject/fedora: 35
linux/linux_kernel: 5.2 - 5.4.177
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
redhat/enterprise_linux: 8.0
Published: Aug 23, 2022
Tracked Since: Feb 18, 2026