CVE-2022-43590 MEDIUM

CVE-2022-43590

Vendor Callback Technologies
Product CBFS Filter
Weakness CWE-476
Published November 28, 2022
Last update April 15, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

Key dates

02Disclosure timeline

November 28, 2022 CVE published
April 15, 2025 Record updated