A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
26 May 2023, 19:42
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230214-0004/ - Third Party Advisory |
14 Feb 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-667 |
21 Nov 2022, 19:45
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html - Mailing List, Third Party Advisory |
01 Nov 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-667 CWE-125 |
|
References |
|
06 Oct 2022, 15:29
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html - Mailing List, Third Party Advisory | |
First Time |
Debian debian Linux
Debian |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
02 Oct 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Sep 2022, 20:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/ - Mailing List, Patch, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/ - Mailing List, Third Party Advisory | |
CWE | CWE-362 CWE-787 |
|
CPE | cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
|
First Time |
Linux
Fedoraproject Linux linux Kernel Fedoraproject fedora |
03 Sep 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Aug 2022, 16:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-31 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-3028
Mitre link : CVE-2022-3028
CVE.ORG link : CVE-2022-3028
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
fedoraproject
- fedora