CVE-2022-47929

kernel: NULL pointer dereference in traffic control subsystem

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc_workqueue function return is not validated in time of failure, resulting in a system crash or leaked internal kernel information.

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-12-22 CVE Reserved
2023-01-17 CVE Published
2025-04-04 CVE Updated
2025-04-04 First Exploit
2025-04-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (9)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	Mailing List
https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html	Third Party Advisory

URL	Date	SRC
https://www.spinics.net/lists/netdev/msg555705.html	2025-04-04

URL	Date	SRC
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6	2023-05-03
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407	2023-05-03

URL	Date	SRC
https://www.debian.org/security/2023/dsa-5324	2023-05-03
https://access.redhat.com/security/cve/CVE-2022-47929	2024-01-25
https://bugzilla.redhat.com/show_bug.cgi?id=2168246	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.6 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.6"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected