CVE-2022-3545

Description

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 6%

Techniques & Countermeasures

• CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer

  The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Affected Systems

• debian•debian_linux

  10.0 | 11.0

• Unknown•Kernel

  n/a

• linux•linux_kernel

  ≥ 4.11, < 4.14.303 | ≥ 4.15, < 4.19.270 | ≥ 4.20, < 5.4.228 | ≥ 5.5, < 5.10.160 | ≥ 5.11, < 5.15.84

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

References (6)

• https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
• https://vuldb.com/?id.211045
• https://security.netapp.com/advisory/ntap-20221223-0003/
• https://www.debian.org/security/2023/dsa-5324
• https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
• https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html