CVE-2022-3105

MEDIUM

Linux Kernel < 5.16.0 - NULL Pointer Dereference in uapi_finalize

Title source: llm

An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

Core 2

Core References

Issue Tracking, Third Party Advisory

Patch, Vendor Advisory

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-476

Status published

Products (2)

linux/linux_kernel 5.16.0 (7 CPE variants)

linux/linux_kernel < 5.16.0

Published Dec 14, 2022

Tracked Since Feb 18, 2026