CVE-2022-48940

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 22, 2024
CWE ID 119

Summary

CVE-2022-48940 is a vulnerability in the Linux kernel that affects products using BPF (Berkeley Packet Filter) maps, specifically when both bpf_spin_lock and bpf_timer objects are present. The flaw is improper memory handling when one map value is copied to another, which can result in a crash if one object overwrites the other. Left unaddressed, this has a high availability impact, as evidenced by error messages during testing. To remediate the issue, apply the latest patches provided in the Linux kernel updates. The vulnerability is rated medium, with a CVSS base score of 5.5; exploitation requires low privileges and no user interaction, and it primarily affects local systems.
