CVE-2022-3028

CVE-2022-3028

Name

CVE-2022-3028

Description

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
MISC	https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/
Mailing List	https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Mailing List	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Third Party Advisory	https://security.netapp.com/advisory/ntap-20230214-0004/
	https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/

Type

URI

MISC

https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5

MISC

https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/

Mailing List

https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Mailing List

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230214-0004/

https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= None	< 6.0
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 3.14	< 4.9.327
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 4.10	< 4.14.292
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 4.15	< 4.19.257
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 4.20	< 5.4.212
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 5.5	< 5.10.140
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 5.11	< 5.15.64
`cpe:2.3:o:linux:linux_kernel::::::::`	linux_kernel	>= 5.16	< 5.19.6

CPE URI

Source package

Min version

Max version