A vulnerability was found in the Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to a memory leak. Using CWE to declare the problem leads to CWE-401. The weakness was presented 10/21/2022. The advisory is shared for download at git.kernel.org.
This vulnerability is handled as CVE-2022-3624. The attack must be carried out from within the local network. Technical details are available. There is no exploit available. The current price for an exploit might be approximately USD $0-$5k.
It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k.
The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.