QwikSec

Security Database

CVE

CWE

Training

CVE-2022-47929

Published: Jan 17, 2023

Modified: Apr 4, 2025

PUBLISHED

Description

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.spinics.net/lists/netdev/msg555705.html

https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6

vendor-advisory

[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update

mailing-list

[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.