CVE-2022-1852

Public on 2022-06-30

Modified on 2024-02-28

Description

A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

Severity

Medium

See what this means

CVSS v3 Base Score

5.5

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Kernel-5.10 Extra	kernel	2022-07-15	ALAS2KERNEL-5.10-2022-015
Amazon Linux 2 - Kernel-5.15 Extra	kernel	2022-07-15	ALAS2KERNEL-5.15-2022-002
Amazon Linux 2023	kernel	2023-03-22	ALAS2023-2023-070

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv2	2.1	AV:L/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2022-1852 Mitre: CVE-2022-1852