Severity: 7.0 HIGH (NVD) | OSV 6.7 | OSV 5.5
EPSS: 0.0% (top 98.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 31 | Latest update Jun 15

Description

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (12 packages)

NVD | linux/linux_kernel | 3.14 | 4.9.327 | +7
Debian | linux/linux_kernel | < 5.10.140-1 | +3
Ubuntu | linux/linux_kernel | < 4.15.0-197.208 | +3
CVEListV5 | linux/linux_kernel | Fixed in kernel 6.0-rc3

Also affects: Debian Linux 10.0, Fedora 35, 36, 37

Patches

Vulnerability Details (14)

OSV | linux-azure vulnerabilities | 2022-12-12
OSV | linux-gcp-5.4 vulnerabilities | 2022-11-29
OSV | linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities | 2022-11-18
OSV | linux-gcp, linux-gcp-4.15 vulnerabilities | 2022-11-18
OSV | linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi vulnerabilities | 2022-11-18

Vendor Advisories (15)

CISA ICS | Siemens SIMATIC S7-1500 TM MFP BIOS | 2023-06-15
CISA ICS | Siemens SIMATIC S7-1500 TM MFP Linux Kernel | 2023-06-15
Oracle | Oracle Oracle Communications Risk Matrix: Virtual Network Function Manager (Kernel) — CVE-2022-3028 | 2023-01-15
Ubuntu | Linux kernel (Azure) vulnerabilities | 2022-12-12
Ubuntu | Linux kernel (GCP) vulnerabilities | 2022-11-29
CVE-2022-3028 — Improper Locking in Linux Kernel | cvebase