CVE-2022-48934

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 22, 2024
CWE ID 401

Summary

CVE-2022-48934 is a vulnerability in the Linux kernel affecting products that include various configurations of NFP (Network Function Platform) software. It is a potential leak in the nfp_tunnel_add_shared_mac() function: the value used to mark ida_idx as 'invalid' can fall within the range of valid IDs, which can lead to errors if not handled properly. To remediate the issue, update the affected software by applying patches that set the 'invalid' value for ida_idx to -1 instead of a value within the valid range. The vulnerability is rated medium severity with an exploitability score of 1.8; it primarily affects availability and requires low privileges and no user interaction for exploitation. Organizations using vulnerable products should apply updates promptly to mitigate potential disruptions or failures in service availability associated with this flaw.
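The sentinel problem described in the summary, as an added user-space model (not the kernel's or the driver's code): an error path releases an ID only when it differs from the 'invalid' marker, so a marker inside the valid range leaks the ID that collides with it. The names id_alloc, add_entry_then_fail and MAX_ID, the pool size, and the choice of the top of the range as the in-range marker are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_ID 7                 /* constructed: valid IDs are 0..MAX_ID inclusive */

static bool in_use[MAX_ID + 1];  /* toy ID pool standing in for an ID allocator */

/* Hypothetical allocator: lowest free ID in 0..MAX_ID, or -1 when exhausted. */
static int id_alloc(void) {
    for (int i = 0; i <= MAX_ID; i++)
        if (!in_use[i]) { in_use[i] = true; return i; }
    return -1;
}

static int ids_held(void) {
    int n = 0;
    for (int i = 0; i <= MAX_ID; i++)
        n += in_use[i] ? 1 : 0;
    return n;
}

/* Models a setup routine whose later step fails after an ID was taken.
 * `invalid` is the marker the error path reads as "no ID was allocated". */
static int add_entry_then_fail(int invalid) {
    int idx = id_alloc();
    if (idx < 0)
        idx = invalid;           /* nothing allocated */
    /* ... a later step fails here, so control reaches the error path ... */
    if (idx != invalid)          /* release only what we believe we hold */
        in_use[idx] = false;
    return -1;
}

/* Leave only the highest ID free, run the failing call, count leaked IDs. */
static int leaked_with_sentinel(int invalid) {
    for (int i = 0; i <= MAX_ID; i++)
        in_use[i] = (i < MAX_ID);
    int before = ids_held();
    add_entry_then_fail(invalid);
    return ids_held() - before;
}

int main(void) {
    printf("marker inside valid range: leaked %d\n", leaked_with_sentinel(MAX_ID));
    printf("marker -1:                 leaked %d\n", leaked_with_sentinel(-1));
    return 0;
}
```

Each failed call that collides with the in-range marker leaves one ID permanently allocated, which is the availability impact the CVSS vector reflects.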
