CVE-2022-3635

CVSS V2 None CVSS V3 High 7

Description

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.

Overview

CVE ID
CVE-2022-3635

Assigner
cna@vuldb.com

Vulnerability Status
Analyzed

Published Version
2022-10-21T11:15:09

Last Modified Date
2022-12-03T02:39:06

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:linux:linux_kernel:-:::::::*	1	OR
cpe:2.3:o:debian:debian_linux:10.0:::::::*	1	OR

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector
LOCAL

Attack Compatibility
HIGH

Privileges Required
LOW

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
7

Base Severity
HIGH

Exploitability Score
1

Impact Score
5.9

References

Reference URL	Reference Tags
https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=3f4093e2bf4673f218c0bf17d8362337c400e77b	Exploit Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	Mailing List Third Party Advisory
https://vuldb.com/?id.211934	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-3635
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3635

History

Created	Old Value	New Value	Data Type	Notes
2022-10-21 12:00:11				Added to TrackCVE
2022-12-07 10:41:42	2022-10-21T11:15Z	2022-10-21T11:15:09	CVE Published Date	updated
2022-12-07 10:41:42		2022-12-03T02:39:06	CVE Modified Date	updated
2022-12-07 10:41:42		Analyzed	Vulnerability Status	updated
2022-12-07 10:42:09			References	updated