CVE-2022-3543
Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 17 Oct 2022, 00:00
Last modified:03 Aug 2024, 01:14
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.11% LOW
0% probability +0.08%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Oct 2022, 00:00
Published
Vulnerability first disclosed
03 Aug 2024, 01:14
Last Modified
Vulnerability information updated
Description
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043.
CVSS Metrics
- v3.1•LOW•Score: 3.5CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.11%• Percentile: 28%
Techniques & Countermeasures
- CWE-401•Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
- CWE-404•Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
Affected Systems
- Unknown•Kernel
n/a
- linux•linux_kernel
< 6.1