Wiz
Vulnerability DatabaseCVE-2022-1649

CVE-2022-1649
NixOS vulnerability analysis and mitigation

Overview

A null pointer dereference vulnerability exists in the handleioctl0x830a0systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. The vulnerability was discovered by Emmanuel Tacheau of Cisco Talos and was assigned CVE-2022-43590. The issue was disclosed to the vendor on November 4, 2022, and a patch was released on November 14, 2022 ([Talos Report](https://talosintelligence.com/vulnerabilityreports/TALOS-2022-1649)).

Technical details

The vulnerability exists in the Windows device driver's handling of I/O Request Packets (IRP). When processing specific IOCTL code 0x830a0, the driver fails to properly validate a pointer before passing it to ExFreePoolWithTag, leading to a null pointer dereference. The vulnerability received a CVSSv3 score of 6.2 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is classified as CWE-476 (NULL Pointer Dereference) (Talos Report).

Impact

A specially crafted I/O request packet (IRP) can trigger this vulnerability, leading to a denial of service condition through a Blue Screen of Death (BSOD). The vulnerability affects the system's stability and availability (Talos Report).

Mitigation and workarounds

The vendor released a patch on November 14, 2022, to address this vulnerability. Users should update to the latest version of CBFS Filter to mitigate the risk (Talos Report).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-20777MEDIUM6.7
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025
CVE-2025-20789MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-20788MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo