CVE-2022-3643Injection in Kernel

CWE-74InjectionCWE-26447 documents9 sources
Severity
6.5MEDIUMNVD
OSV6.7OSV6.6OSV5.5OSV4.3CISA7.8
EPSS
0.1%
top 74.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxDebian Linux
Timeline
PublishedDec 7
Latest updateJun 13

Description

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II B

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

debiandebian/linux< linux 6.1.4-1 (bookworm)
NVDlinux/linux_kernel3.194.9.336+6
Debianlinux/linux_kernel< 5.10.158-1+3
Ubuntulinux/linux_kernel< 4.15.0-202.213+7

Also affects: Debian Linux 10.0

🔴Vulnerability Details

23
OSV
Kernel Live Patch Security Notice2023-11-28
OSV
linux-bluefield vulnerabilities2023-03-03
OSV
sox vulnerabilities2023-03-02
OSV
linux-hwe-5.19 vulnerabilities2023-02-16
OSV
linux-gke-5.15 vulnerabilities2023-02-15

📋Vendor Advisories

23
CISA ICS
Siemens SIMATIC and SIPLUS2024-06-13
Ubuntu
Kernel Live Patch Security Notice2023-11-28
CISA ICS
​Siemens SIMATIC MV500 Devices2023-07-13
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-03-03
Ubuntu
Linux kernel (HWE) vulnerabilities2023-02-16