NULL Pointer Dereference
CVE-2022-31076
Summary
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In versions prior to 1.9.3, 1.10.x prior to 1.10.1 and 1.11.x prior to 1.11.0-beta.0., a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml.
- LOW
- ADJACENT NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
References
Advisory Timeline
- Published