CVE-2022-3105: CWE-476 in Kernel

Medium
Published: Wed Dec 14 2022 (12/14/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: Kernel

Description

An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

AI-Powered Analysis

Last updated: 06/21/2025, 18:06:29 UTC

Technical Analysis

CVE-2022-3105 is a medium-severity vulnerability in Linux kernel versions up to 5.16-rc6, located in the InfiniBand subsystem's user API implementation (drivers/infiniband/core/uverbs_uapi.c). The uapi_finalize function does not check the return value of kmalloc_array(). kmalloc_array() allocates memory dynamically and returns NULL on failure, so the missing check leads to a potential NULL pointer dereference (classified under CWE-476: NULL Pointer Dereference). This can cause the kernel to crash or become unstable, resulting in a denial of service (DoS) condition.

The CVSS 3.1 base score is 5.5, reflecting medium severity, with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: the attack requires local access, has low complexity, needs low privileges and no user interaction, and impacts availability only. There is no indication of known exploits in the wild, and no patch links are provided in the data, though it is likely that kernel maintainers have addressed this issue in subsequent releases. The vulnerability does not impact confidentiality or integrity, but it can cause system crashes or kernel panics when triggered by a local attacker with limited privileges through the InfiniBand user API interface. InfiniBand is a high-performance networking architecture commonly used in data centers and high-performance computing environments, which may limit exposure to systems using this technology.
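The unchecked-allocation pattern described above, next to its checked form, as an added userspace illustration in C. This is not the kernel's code and not code from this page; model_kmalloc_array, fail_next_alloc, struct api_table, notsupp_method and both finalize_* functions are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model (assumption): like kmalloc_array(), returns NULL when the
 * size multiplication would overflow or when the allocation fails. */
int fail_next_alloc; /* hypothetical hook that simulates memory pressure */

void *model_kmalloc_array(size_t n, size_t size)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    if (size != 0 && n > SIZE_MAX / size)
        return NULL;
    return malloc(n * size);
}

struct method { int id; };
const struct method notsupp_method = { -1 };
struct api_table { const struct method **methods; size_t num_methods; };

/* CWE-476 pattern, shown for contrast and never called: the loop writes
 * through data even when the allocation returned NULL. */
int finalize_unchecked(struct api_table *t, size_t n)
{
    const struct method **data = model_kmalloc_array(n, sizeof(*data));
    for (size_t i = 0; i != n; i++)
        data[i] = &notsupp_method;
    t->methods = data; t->num_methods = n;
    return 0;
}

/* Checked pattern: fail with -ENOMEM and leave the table untouched. */
int finalize_checked(struct api_table *t, size_t n)
{
    const struct method **data = model_kmalloc_array(n, sizeof(*data));
    if (!data)
        return -ENOMEM;
    for (size_t i = 0; i != n; i++)
        data[i] = &notsupp_method;
    t->methods = data; t->num_methods = n;
    return 0;
}

int main(void)
{
    struct api_table t = { 0 };
    fail_next_alloc = 1; /* constructed failure */
    printf("failed alloc -> %d\n", finalize_checked(&t, 8));
    return 0;
}
```

The checked form turns an allocation failure into an error the caller can handle, which is the behavior a NULL check after kmalloc_array() provides.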

Potential Impact

For European organizations, the primary impact of CVE-2022-3105 is the potential for denial of service on Linux systems running vulnerable kernel versions with InfiniBand support enabled. This can disrupt critical infrastructure, especially in sectors relying on high-performance computing clusters, scientific research facilities, financial institutions, and data centers that utilize InfiniBand for low-latency, high-throughput networking. The vulnerability requires local access with low privileges, so insider threats or compromised local accounts could exploit it to cause system instability or downtime. While it does not compromise data confidentiality or integrity, availability impacts can lead to operational disruptions, service outages, and potential financial losses. Organizations with Linux-based infrastructure should assess whether their systems use InfiniBand drivers and kernel versions affected by this vulnerability. Given the medium severity and absence of known exploits, the immediate risk is moderate but should not be ignored in environments where uptime and stability are critical.

Mitigation Recommendations

1. Upgrade the Linux kernel to a version later than 5.16-rc6 where this vulnerability has been patched. Monitor official kernel repositories and vendor advisories for updates addressing CVE-2022-3105.
2. If upgrading immediately is not feasible, disable or unload the InfiniBand kernel modules (e.g., ib_uverbs) on systems that do not require InfiniBand functionality to reduce the attack surface.
3. Restrict local access to trusted users only, enforce strict access controls, and monitor for unusual activity on systems with InfiniBand enabled.
4. Implement host-based intrusion detection systems (HIDS) to detect attempts to exploit kernel vulnerabilities or unusual kernel crashes.
5. Conduct regular audits of kernel versions and configurations across the infrastructure to identify vulnerable systems.
6. For environments where InfiniBand is critical, consider network segmentation and isolation to limit the potential impact of a local exploit.
7. Maintain up-to-date backups and disaster recovery plans to quickly restore service in case of denial of service incidents.

Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2022-09-02T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d984ac4522896dcbf74d2

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 6:06:29 PM

Last updated: 7/25/2025, 1:51:27 PM
