CVE-2022-28388

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/
https://security.netapp.com/advisory/ntap-20220513-0001/	Third Party Advisory
https://www.debian.org/security/2022/dsa-5127	Third Party Advisory
https://www.debian.org/security/2022/dsa-5173	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:45

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/', 'name': 'FEDORA-2022-af492757d9', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/', 'name': 'FEDORA-2022-5cd9d787dc', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/', 'name': 'FEDORA-2022-91633399ff', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ -

03 Jan 2023, 15:11

Type	Values Removed	Values Added
CPE	cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700e:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500e:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h300e:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:::::::*	cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::*
First Time		Netapp h700e Netapp h500e Netapp h700s Netapp h500s Netapp h300e Netapp h700s Firmware Netapp h410c Firmware Netapp h410s Netapp h300s Firmware Netapp h500e Firmware Netapp h700e Firmware Netapp h300e Firmware Netapp h300s Netapp h500s Firmware Netapp h410c Netapp h410s Firmware
References	~~(DEBIAN) https://www.debian.org/security/2022/dsa-5173 -~~	(DEBIAN) https://www.debian.org/security/2022/dsa-5173 - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ - Mailing List, Third Party Advisory
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 2.1 v3 : 5.5

04 Jul 2022, 11:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5173 -

01 Jun 2022, 19:39

Type	Values Removed	Values Added
First Time		Fedoraproject Netapp hci Baseboard Management Controller Fedoraproject fedora Debian Debian debian Linux Netapp
References	~~(DEBIAN) https://www.debian.org/security/2022/dsa-5127 -~~	(DEBIAN) https://www.debian.org/security/2022/dsa-5127 - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220513-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220513-0001/ - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ - Third Party Advisory
CPE		cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h300e:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700e:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500e:::::::*

13 May 2022, 22:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220513-0001/ -

03 May 2022, 11:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5127 -

13 Apr 2022, 18:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ -

11 Apr 2022, 06:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/ -

09 Apr 2022, 15:40

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 7.8
CWE		CWE-415
References	~~(MISC) https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 -~~	(MISC) https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 - Patch, Third Party Advisory

03 Apr 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-04-03 21:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-28388

Mitre link : CVE-2022-28388

CVE.ORG link : CVE-2022-28388

JSON object : View

Products Affected

netapp

h700s_firmware
h700e
h700e_firmware
h700s
h300s_firmware
h300s
h300e
h500e_firmware
h410c_firmware
h500s
h410c
h410s
h410s_firmware
h500s_firmware
h300e_firmware
h500e

debian

debian_linux

linux

linux_kernel

fedoraproject

fedora

CWE

CWE-415

Double Free

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2022-28388

5.5^/10

2.1^/10

Attach tags to `CVE-2022-28388`