CVE-2022-3524

CWE-404 CWE-401 — Memory Leak25 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Linux Kernel Debian Debian Linux

Timeline

PublishedOct 16

Latest updateJan 5

Description

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.12+1

▶CVEListV5linux/kerneln/a

▶Debianlinux< 5.10.158-1+3

▶Ubuntulinux-oem-6.0< 6.0.0-1008.8

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-oem-6.0 vulnerabilities↗2022-12-14

▶

OSV

linux-azure, linux-azure-5.4 vulnerabilities↗2022-12-12

▶

OSV

linux-gke vulnerabilities↗2022-12-02

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities↗2022-12-01

▶

GHSA

GHSA-g397-g5h4-jrx6: A vulnerability was found in Linux Kernel↗2022-10-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-01-05

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-12-14

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2022-12-14

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2022-12-12

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-12-12

▶