VDB

DEBIAN-CVE-2022-47929

DEBIAN-CVE-2022-47929 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:12linux0, 0, 0
Debian:11linux0, 5.10.92-1, 5.10.70-1
Debian:13linux0, 0, 0
Debian:14linux0, 0, 0

Timeline

  • Jan 17, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›