Linux Kernel IPsec bond_alb.c rlb_arp_xmit memory leak

A vulnerability classified as problematic was found in the Linux Kernel. It affects the function rlb_arp_xmit in the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to a memory leak, which CWE classifies as CWE-401. The weakness was presented on 10/21/2022. The advisory is available for download at git.kernel.org. The vulnerability is tracked as CVE-2022-3624. The attack needs to be carried out from within the local network. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 10/21/2022 07:29 | 11/19/2022 07:31 |
|---|---|---|
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=4f5d33f4f798b1c6d92b613f0087f639d9836971 | https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=4f5d33f4f798b1c6d92b613f0087f639d9836971 |
| name | Patch | Patch |
| patch_url | https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=4f5d33f4f798b1c6d92b613f0087f639d9836971 | https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=4f5d33f4f798b1c6d92b613f0087f639d9836971 |
| cve | CVE-2022-3624 | CVE-2022-3624 |
| responsible | VulDB | VulDB |
| vendor | Linux | Linux |
| name | Kernel | Kernel |
| component | IPsec | IPsec |
| file | drivers/net/bonding/bond_alb.c | drivers/net/bonding/bond_alb.c |
| function | rlb_arp_xmit | rlb_arp_xmit |
| cwe | 401 (memory leak) | 401 (memory leak) |
| risk | 1 | 1 |
| date | 1666303200 (10/21/2022) | 1666303200 (10/21/2022) |
| type | Operating System | Operating System |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 2.3 | 2.3 |
| cvss2_vuldb_tempscore | 2.0 | 2.0 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.4 | 3.4 |
| price_0day | $0-$5k | $0-$5k |
| cve_assigned | | 1666303200 (10/21/2022) |
| cve_nvd_summary | | A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. |
