4.3
CVE-2022-3646
- EPSS 0.81%
- Veröffentlicht 21.10.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:19:56
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version-
Debian ≫ Debian Linux Version10.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.81% | 0.525 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306
https://vuldb.com/?id.211961