CVE-2022-3534

CWE-119 — Buffer Overflow CWE-416 — Use After Free12 documents7 sources

Severity

8.0HIGH

EPSS

0.0%

top 90.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel

Timeline

PublishedOct 17

Latest updateJul 11

Description

A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5linux/kerneln/a

▶Debianlibbpf< 0.3-2+deb11u1+3

▶Ubuntudwarves-dfsg< 1.21-0ubuntu1~20.04.1+1

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

dwarves-dfsg vulnerabilities↗2023-07-11

▶

OSV

libbpf vulnerabilities↗2022-12-08

▶

OSV

libbpf vulnerabilities↗2022-12-05

▶

GHSA

GHSA-gfpq-px23-jj9f: A vulnerability classified as critical has been found in Linux Kernel↗2022-10-17

▶

OSV

CVE-2022-3534: A vulnerability classified as critical has been found in Linux Kernel↗2022-10-17

▶

📋Vendor Advisories

Ubuntu

dwarves vulnerabilities↗2023-07-11

▶

Ubuntu

LibBPF vulnerabilities↗2022-12-08

▶

Ubuntu

LibBPF vulnerabilities↗2022-12-05

▶

Red Hat

Kernel: use-after-free in btf_dump_name_dups in tools/lib/bpf/btf_dump.c↗2022-10-13

▶

Debian

CVE-2022-3534: libbpf - A vulnerability classified as critical has been found in Linux Kernel. Affected ...↗2022

▶