DEBIAN-CVE-2022-42432

DEBIAN-CVE-2022-42432 PUBLISHED CVSS 4.400000095367432 MEDIUM

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.

Risk Scores

CVSS v3.1

4.400000095367432

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	linux	0, 0, 0
Debian:13	linux	0, 0, 0
Debian:11	linux	5.10.103-1, 5.10.70-1, 5.10.106-1
Debian:14	linux	0, 0, 0

Timeline

Mar 29, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-42432 advisory

Open in Interactive Console →