{"id":"CVE-2022-0617","details":"A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.","modified":"2026-03-15T22:43:19.415174Z","published":"2022-02-16T17:15:11.577Z","related":["ALSA-2022:7444","ALSA-2022:7683","ALSA-2022:7933","ALSA-2022:8267","SUSE-SU-2022:0756-1","SUSE-SU-2022:0757-1","SUSE-SU-2022:0759-1","SUSE-SU-2022:0761-1","SUSE-SU-2022:0762-1","SUSE-SU-2022:0765-1","SUSE-SU-2022:0766-1","SUSE-SU-2022:0767-1","SUSE-SU-2022:0768-1","SUSE-SU-2022:1037-1","SUSE-SU-2022:1038-1","SUSE-SU-2022:1039-1","SUSE-SU-2022:1257-1","SUSE-SU-2022:14905-1","SUSE-SU-2022:2520-1","SUSE-SU-2022:2615-1","openSUSE-SU-2022:0768-1","openSUSE-SU-2022:1037-1","openSUSE-SU-2022:1039-1"],"references":[{"type":"WEB","url":"https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr%40quack3.lan/T/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5095"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5096"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2022/04/13/2"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.2.1"},{"fixed":"5.17"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc7"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2-rc8"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.17-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"5.17-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.17-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0617.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}