QwikSec

Security Database

CVE

CWE

Training

CVE-2022-3028

Published: Aug 31, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Vendor	Product	Versions
n/a	Linux kernel	affected `Fixed in kernel 6.0-rc3`

Weaknesses (CWE)

References

https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5

https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/

FEDORA-2022-6835ddb6d8

vendor-advisory

FEDORA-2022-35c14ba5bb

vendor-advisory

FEDORA-2022-ccb0138bb6

vendor-advisory

[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update

mailing-list

[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update

mailing-list

https://security.netapp.com/advisory/ntap-20230214-0004/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.