CVE-2022-3635

CWE-119 — Buffer Overflow CWE-362 — Race Condition CWE-416 — Use After Free16 documents7 sources

Severity

7.0HIGH

EPSS

0.0%

top 98.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Linux Kernel Debian Debian Linux

Timeline

PublishedOct 21

Latest updateJul 25

Description

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.12 — 4.9.326+6

▶CVEListV5linux/kerneln/a

▶Debianlinux< 5.10.140-1+3

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-oem-5.17 vulnerabilities↗2023-07-25

▶

GHSA

GHSA-344p-v638-q9gc: A vulnerability, which was classified as critical, has been found in Linux Kernel↗2022-10-21

▶

CVEList

Linux Kernel IPsec idt77252.c tst_timer use after free↗2022-10-21

▶

OSV

CVE-2022-3635: A vulnerability, which was classified as critical, has been found in Linux Kernel↗2022-10-21

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-07-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-12-12

▶

Ubuntu

Linux kernel vulnerabilities↗2022-12-01

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2022-11-29

▶

Ubuntu

Linux kernel vulnerabilities↗2022-11-18

▶