Уязвимость CVE-2022-3028: Информация
Описание
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
Важность: HIGH (7,0) Вектор: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Опубликовано: 31 августа 2022 г.
Изменено: 7 ноября 2023 г.
Исправленные пакеты
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 |
|
[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update |
|
[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update |
|
https://security.netapp.com/advisory/ntap-20230214-0004/ |
|
https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/ | |
FEDORA-2022-6835ddb6d8 | |
FEDORA-2022-35c14ba5bb | |
FEDORA-2022-ccb0138bb6 |