CVE-2022-3586

Name: CVE-2022-3586
Description: A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.
NVD Severity: medium

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/torvalds/linux/commit/9efd23297cca |
| MISC | https://www.zerodayinitiative.com/advisories/upcoming/ |
| Mailing List | https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:* | linux_kernel | == None | == 6.0 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status