CVE-2022-3623

Severity: 7.5 HIGH
EPSS: 0.1% (top 76.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 20; latest update Apr 5

Description

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.6 | Impact: 3.4

Affected Packages (3 packages)

NVD: linux/linux_kernel 5.15.4.228+4
CVEListV5: linux/kernel n/a
Debian: linux < 5.10.162-1+3

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (4)

OSV: linux-aws, linux-aws-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-intel-iotg vulnerabilities (2023-02-15)
GHSA: GHSA-q52p-4hj9-4wrq: A vulnerability was found in Linux Kernel (2022-10-21)
OSV: CVE-2022-3623: A vulnerability was found in Linux Kernel (2022-10-20)
CVEList: Linux Kernel BPF gup.c follow_page_pte race condition (2022-10-20)

📋 Vendor Advisories (16)

Ubuntu: Linux kernel (BlueField) vulnerabilities (2023-04-05)
Ubuntu: Linux kernel (IBM) vulnerabilities (2023-03-14)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2023-03-09)
Ubuntu: Linux kernel (GCP) vulnerabilities (2023-03-08)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2023-03-07)