CVE-2022-3625

Severity
7.8 HIGH
EPSS
0.0%
top 93.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 21
Latest update: Nov 29

Description

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.2 | Impact: 3.4

Affected Packages (3 packages)

NVD: linux/linux_kernel 4.19 5.4.211 +3
CVEListV5: linux/kernel n/a
Debian: linux < 5.10.140-1 +3

Also affects: Debian Linux 10.0

Patches

Vulnerability Details (3)

CVEList
Linux Kernel IPsec devlink.c devlink_param_get use after free (2022-10-21)
OSV
CVE-2022-3625: A vulnerability was found in Linux Kernel (2022-10-21)
GHSA
GHSA-69vv-8r9h-g8x5: A vulnerability was found in Linux Kernel (2022-10-21)

Vendor Advisories (6)

Ubuntu
Linux kernel (GCP) vulnerabilities (2022-11-29)
Ubuntu
Linux kernel vulnerabilities (2022-11-18)
Ubuntu
Linux kernel vulnerabilities (2022-11-17)
Ubuntu
Linux kernel vulnerabilities (2022-11-17)
Red Hat
kernel: use-after-free after failed devlink reload in devlink_param_get (2022-08-09)