Vulnerability DatabaseCVE-2022-3028
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-3028
August 31, 2022
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
Related ResourcesĀ (15)
https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/
https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
https://access.redhat.com/security/cve/CVE-2022-3028
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/
https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/
https://security.netapp.com/advisory/ntap-20230214-0004/
https://security-tracker.debian.org/tracker/CVE-2022-3028
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/
https://people.canonical.com/~ubuntu-security/cve/CVE-2022-3028
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Locking
CWE-667
EPSS
Base Score:
0.01