Skip to main content

NULL Pointer Dereference

CVE-2022-31076

Severity Medium
Score 5.7/10

Summary

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In versions prior to 1.9.3, 1.10.x prior to 1.10.1 and 1.11.x prior to 1.11.0-beta.0., a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml.

  • LOW
  • ADJACENT NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published