A vulnerability classified as critical has been found in the Linux kernel. It affects the function area_cache_get in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to a use after free. The CWE definition for the vulnerability is CWE-416. The weakness was published 10/17/2022. The advisory is shared at git.kernel.org.
This vulnerability is known as CVE-2022-3545. The attack can only be initiated within the local network. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment.
It is declared as not defined. We expect the 0-day to have been worth approximately $5k-$25k.
The bugfix is ready for download at git.kernel.org. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.