7

CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.14 < 4.9.327
LinuxLinux Kernel Version >= 4.10 < 4.14.292
LinuxLinux Kernel Version >= 4.15 < 4.19.257
LinuxLinux Kernel Version >= 4.20 < 5.4.212
LinuxLinux Kernel Version >= 5.5 < 5.10.140
LinuxLinux Kernel Version >= 5.11 < 5.15.64
LinuxLinux Kernel Version >= 5.16 < 5.19.6
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
FedoraprojectFedora Version35
FedoraprojectFedora Version36
FedoraprojectFedora Version37
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.017
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.