CVE-2022-3595

EPSS 0.02%
Published 18.10.2022 20:15:09
Last modified 21.11.2024 07:19:50
Source cna@vuldb.com
CVE-Watchlists
Login
Open
Login

A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.019

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b854b4ee66437e6e1622fda90529c814978cb4ca

Patch

Vendor Advisory

Mailing List

https://vuldb.com/?id.211364

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-3595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3595

EUVD