CVE-2022-3104: CWE-476 in Kernel

Severity: Medium
Published: Wed Dec 14 2022 (12/14/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: Kernel

Description

An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks a check of the return value of kmalloc() and will cause a null pointer dereference.

AI-Powered Analysis

Last updated: 06/21/2025, 20:09:47 UTC

Technical Analysis

CVE-2022-3104 is a medium-severity vulnerability in the Linux kernel through 5.16-rc6. It stems from missing error handling in the lkdtm_ARRAY_BOUNDS test case in drivers/misc/lkdtm/bugs.c, which does not check the return value of kmalloc(), the function that allocates memory in kernel space. If kmalloc() returns NULL because the allocation failed, the code dereferences that null pointer (CWE-476), and the resulting kernel crash or panic is a denial of service (DoS).

The attack vector is local (AV:L): an attacker needs some level of access to the system, with at least limited privileges (PR:L), and no user interaction is required (UI:N). Confidentiality and integrity are not affected; the impact is on availability, through system crashes. There are no known exploits in the wild, and no official patches are linked in the provided data, although it is likely that kernel maintainers have addressed this in later releases.

The vulnerability is primarily a robustness issue in memory-allocation error handling within a specific test driver (lkdtm), which is typically used for kernel self-testing and debugging rather than production workloads. However, if this test module is enabled or accessible, exploitation can lead to system instability or denial of service.

Potential Impact

For European organizations, the impact of CVE-2022-3104 is primarily related to system availability. Organizations running Linux kernel version 5.16-rc6 or similar development/testing kernels that include the lkdtm test modules could experience system crashes if this vulnerability is triggered. This could disrupt critical services, especially in environments relying on Linux servers for infrastructure, cloud services, or embedded systems. Since the vulnerability requires local access, the risk is higher in multi-user environments or where untrusted users have shell access. The vulnerability does not allow privilege escalation or data compromise directly but could be used as part of a larger attack chain to cause denial of service or to destabilize systems. European sectors such as finance, telecommunications, manufacturing, and government, which often rely on Linux-based infrastructure, could face operational disruptions. However, the limited scope (specific kernel version and test driver) and lack of known exploits reduce the immediate threat level. Organizations using stable or long-term support (LTS) kernel versions are less likely to be affected. The vulnerability also has limited impact on cloud providers unless the affected kernel version is deployed in their infrastructure or customer environments.

Mitigation Recommendations

1. Upgrade the Linux kernel to a stable, patched version beyond 5.16-rc6 where this issue is resolved. Avoid using release candidate kernels in production environments.
2. Disable or remove the lkdtm test modules (drivers/misc/lkdtm) if they are not required, as these are primarily intended for kernel testing and debugging. This reduces the attack surface.
3. Restrict local user access to trusted personnel only and enforce strict access controls and user privilege management to prevent untrusted users from triggering the vulnerability.
4. Monitor kernel logs and system stability for signs of null pointer dereference crashes or kernel panics that could indicate exploitation attempts.
5. For organizations running custom or embedded Linux kernels, ensure that memory allocation return values are properly checked and handled in all kernel modules, especially those related to testing or debugging.
6. Implement system integrity monitoring and automated kernel crash reporting to quickly detect and respond to denial of service incidents.
7. Coordinate with Linux distribution vendors and apply security advisories promptly to maintain kernel security hygiene.
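The check-before-use pattern that the Technical Analysis describes as missing, and that recommendation 5 asks for, shown as an added user-space illustration (not kernel source and not code from this page). `struct bounds_buf`, `test_alloc`, `test_free`, `array_bounds_checked` and `run_with_failure` are hypothetical names, and the use of two allocations is an assumption; the allocator is made to fail on a chosen call so the error path is exercised for each allocation in turn.

```c
/* Added illustration: user-space model of the pattern, not kernel source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
struct bounds_buf { int data[8]; };   /* hypothetical stand-in type */
static int fail_at = -1;              /* 0-based allocation call to fail; -1 = none */
static int alloc_calls, live_allocs;  /* calls made; blocks not yet freed */

/* Fault-injecting stand-ins for kmalloc()/kfree(); test_free(NULL) is a no-op. */
static void *test_alloc(size_t n)
{
    void *p = (alloc_calls++ == fail_at) ? NULL : calloc(1, n);
    live_allocs += (p != NULL);
    return p;
}
static void test_free(void *p) { live_allocs -= (p != NULL); free(p); }

/* Hardened form: both results are checked before the first dereference. */
static int array_bounds_checked(void)
{
    struct bounds_buf *a = test_alloc(sizeof(*a) * 2);
    struct bounds_buf *b = test_alloc(sizeof(*b) * 2);
    if (!a || !b) {   /* without this branch the access below would dereference NULL */
        test_free(a);
        test_free(b);
        return -ENOMEM;
    }
    a[0].data[0] = b[1].data[7] + 1;
    test_free(a);
    test_free(b);
    return 0;
}

/* Fail allocation n (-1 = none); return the result and count leaked blocks. */
int run_with_failure(int n, int *leaked)
{
    fail_at = n; alloc_calls = 0; live_allocs = 0;
    int rc = array_bounds_checked();
    *leaked = live_allocs;
    return rc;
}

int main(void)
{
    for (int n = -1; n < 2; n++) {
        int leaked, rc = run_with_failure(n, &leaked);
        printf("fail_at=%d rc=%d leaked=%d\n", n, rc, leaked);
    }
    return 0;
}
```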

Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2022-09-02T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9849c4522896dcbf6e82

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 8:09:47 PM

Last updated: 8/17/2025, 4:35:14 PM
