Severity
3.3 LOW
EPSS
0.1%
top 81.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 21

Description

A vulnerability was found in the Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to a memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.2 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: linux/kernel, n/a
Debian: linux < 5.10.140-1+3

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-vwm6-3cgq-cw2w: A vulnerability was found in Linux Kernel (2022-10-21)
CVEList
Linux Kernel af_vsock.c vsock_connect memory leak (2022-10-21)
OSV
CVE-2022-3629: A vulnerability was found in Linux Kernel (2022-10-21)

📋 Vendor Advisories (3)

Red Hat
kernel: memory leak in the function vsock_connect of Virtual Socket Protocol (2022-08-08)
Red Hat
undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629) (2022-04-06)
Debian
CVE-2022-3629: linux - A vulnerability was found in Linux Kernel. It has been declared as problematic. ... (2022)