CVE-2022-3545

CWE-119Buffer OverflowCWE-416Use After Free33 documents8 sources
Severity
7.8HIGH
EPSS
0.0%
top 95.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux Linux KernelLinux KernelDebian Debian Linux
Timeline
PublishedOct 17
Latest updateApr 11

Description

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages3 packages

NVDlinux/linux_kernel4.114.14.303+4
CVEListV5linux/kerneln/a
Debianlinux< 5.10.162-1+3

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

5
OSV
linux-oem-5.17 vulnerabilities2023-02-09
OSV
linux-oem-5.14 vulnerabilities2023-02-09
GHSA
GHSA-xgm6-4c8q-9hmf: A vulnerability has been found in Linux Kernel and classified as critical2022-10-17
OSV
CVE-2022-3545: A vulnerability has been found in Linux Kernel and classified as critical2022-10-17
CVEList
Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free2022-10-17

📋Vendor Advisories

27
Ubuntu
Linux kernel (GCP) vulnerabilities2023-04-11
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-04-05
Ubuntu
Linux kernel vulnerabilities2023-03-27
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-03-16
Ubuntu
Linux kernel (KVM) vulnerabilities2023-03-14
CVE-2022-3545 (HIGH CVSS 7.8) | A vulnerability has been found in L | cvebase.io