CVE-2022-3526

CWE-404 CWE-401 — Memory Leak6 documents6 sources

Severity

7.5HIGH

EPSS

1.0%

top 23.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Linux Kernel

Timeline

PublishedOct 16

Latest updateOct 17

Description

A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDlinux/linux_kernel5.13 — 5.15.35+1

▶CVEListV5linux/kerneln/a

▶Debianlinux< 5.17.6-1+2

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-ffmj-8phg-m99p: A vulnerability classified as problematic was found in Linux Kernel↗2022-10-17

▶

CVEList

Linux Kernel skb macvlan.c macvlan_handle_frame memory leak↗2022-10-16

▶

OSV

CVE-2022-3526: A vulnerability classified as problematic was found in Linux Kernel↗2022-10-16

▶

📋Vendor Advisories

Red Hat

kernel: A flaw in macvlan_handle_frame in drivers/net/macvlan.c may cause a memory leak↗2022-04-13

▶

Debian

CVE-2022-3526: linux - A vulnerability classified as problematic was found in Linux Kernel. This vulner...↗2022

▶