How severe is CVE-2022-49873?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-49873?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2022-49873 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant register. It will give these registers the type of SCALAR_VALUE. A register that will contain a pointer value at runtime, but of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map. Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem.

Related Vulnerabilities

CVE-2017-13855

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "...

CWE-7042017

CVE-2021-23566

MEDIUM

CVSS:5.5(Medium)

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

CWE-7042021

CVE-2021-28275

MEDIUM

CVSS:5.5(Medium)

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file.

CWE-7042021

CVE-2024-21478

MEDIUM

CVSS:5.5(Medium)

transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.

CWE-7042024

CVE-2024-36735

MEDIUM

CVSS:5.3(Medium)

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.

CWE-7042024

CVE-2019-6147

MEDIUM

CVSS:5.9(Medium)

Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database...

CWE-7042019