Skip to main content

Missing Initialization of Resource

CVE-2022-1016

Severity Medium
Score 5.5/10

Summary

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-909 - Missing Initialization of Resource

The software does not initialize a critical resource.

References

Advisory Timeline

  • Published