Linux Kernel IPsec drivers/atm/idt77252.c tst_timer use after free
A vulnerability classified as critical has been found in the Linux Kernel. It affects the function tst_timer in the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to a use after free, which CWE classifies as CWE-416. The weakness was shared 10/21/2022 as DLA 3173-1. The advisory is available at git.kernel.org.
This vulnerability is handled as CVE-2022-3635. The attack can only be initiated within the local network. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment.
It is declared as not defined. As a 0-day, the estimated underground price was around $5k-$25k.
The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.