Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2022-3028 First vendor Publication 2022-08-31
Vendor Cve Last vendor Modification 2022-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7
Base Score 7 Environmental Score 7
impact SubScore 5.9 Temporal Score 7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3028

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
25 % CWE-667 Insufficient Locking
25 % CWE-362 Race Condition
25 % CWE-125 Out-of-bounds Read

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 1
Os 3
Os 3459

Sources (Detail)

Source Url
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MISC https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe...
https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
MLIST https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2022-11-22 00:27:29
  • Multiple Updates
2022-11-02 05:27:35
  • Multiple Updates
2022-10-19 02:08:45
  • Multiple Updates
2022-10-11 05:27:23
  • Multiple Updates
2022-10-11 01:25:09
  • Multiple Updates
2022-10-06 21:27:22
  • Multiple Updates
2022-10-03 00:27:27
  • Multiple Updates
2022-09-08 21:27:14
  • Multiple Updates
2022-09-08 00:27:12
  • Multiple Updates
2022-09-03 09:27:14
  • Multiple Updates
2022-09-02 17:27:18
  • Multiple Updates
2022-08-31 21:27:12
  • First insertion