CVE-2022-3586Use After Free in Linux

CWE-416Use After Free34 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.0OSV4.4
EPSS
0.1%
top 81.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxDebian Linux+2 more
Timeline
PublishedOct 19
Latest updateJul 6

Description

A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

debiandebian/linux< linux 5.19.11-1 (bookworm)
Debianlinux/linux_kernel< 5.10.148-1+3
Ubuntulinux/linux_kernel< 4.15.0-201.212+3
NVDlinux/linux_kernel2.6.395.19+1
CVEListV5linux/linux_kernelFixed in kernel v6.0

Also affects: Debian Linux 10.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

13
GHSA
GHSA-rvvq-r3qv-fpwc: A flaw was found in the Linux kernel’s networking code2023-07-06
OSV
linux-oem-5.17 vulnerabilities2023-05-30
OSV
linux-oem-5.17 vulnerabilities2023-05-10
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2023-04-26
OSV
linux-gke-5.15 vulnerabilities2023-02-15

📋Vendor Advisories

20
CISA ICS
Siemens SIMATIC S7-1500 TM MFP BIOS2023-06-15
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel2023-06-15
Ubuntu
Linux kernel (OEM) vulnerabilities2023-05-30
Ubuntu
Linux kernel (OEM) vulnerabilities2023-05-10
Ubuntu
Linux kernel vulnerabilities2023-04-26