Severity: 7.0 HIGH
EPSS: 0.1% (top 78.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 21
Latest update: Apr 11

Description

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.6 | Impact: 1.4

Affected Packages (3 packages)

NVD | linux/linux_kernel | 4.10 | 4.14.296 | +7
CVEListV5 | linux/kernel | n/a
Debian | linux | < 5.10.148-1 | +3

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-x63h-2cwq-phxf: A vulnerability was found in Linux Kernel | 2022-10-22
OSV | CVE-2022-3649: A vulnerability was found in Linux Kernel | 2022-10-21
CVEList | Linux Kernel BPF inode.c nilfs_new_inode use after free | 2022-10-21

📋 Vendor Advisories (24)

Ubuntu | Linux kernel (GCP) vulnerabilities | 2023-04-11
Ubuntu | Linux kernel (OEM) vulnerabilities | 2023-03-27
Ubuntu | Linux kernel vulnerabilities | 2023-03-27
Ubuntu | Linux kernel (Azure) vulnerabilities | 2023-03-06
Ubuntu | Linux kernel (BlueField) vulnerabilities | 2023-03-03
CVE-2022-3649 (HIGH CVSS 7) | A vulnerability was found in Linux | cvebase.io