Linux Kernel CIFS fs/cifs/sess.c sess_free_buffer double free

A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. Using CWE to declare the problem leads to CWE-415. The weakness was shared 10/18/2022. The advisory is shared for download at git.kernel.org. This vulnerability is handled as CVE-2022-3595. Access to the local network is required for this attack to succeed. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. As 0-day the estimated underground price was around $5k-$25k. The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

139

Field

vulnerability_cvss3_meta_tempscore2
vulnerability_cvss3_meta_basescore2
vulnerability_cvss3_cna_basescore1
vulnerability_cvss3_nvd_basescore1
source_cve_cna1

Commit Conf

90%33
70%19
50%12

Approve Conf

90%33
70%19
80%12
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1324324711/10/2022VulD...cvss3_cna_basescore3.5see CVSS documentation11/10/2022accepted
90
1324324611/10/2022VulD...cvss3_nvd_basescore5.5nist.gov11/10/2022accepted
90
1324324511/10/2022VulD...cvss3_meta_tempscore4.1see CVSS documentation11/10/2022accepted
90
1324324411/10/2022VulD...cvss3_meta_basescore4.2see CVSS documentation11/10/2022accepted
90
1324324311/10/2022VulD...cve_cnaVulDBnvd.nist.gov11/10/2022accepted
70
1324324211/10/2022VulD...cvss3_cna_aLnvd.nist.gov11/10/2022accepted
70
1324324111/10/2022VulD...cvss3_cna_iNnvd.nist.gov11/10/2022accepted
70
1324324011/10/2022VulD...cvss3_cna_cNnvd.nist.gov11/10/2022accepted
70
1324323911/10/2022VulD...cvss3_cna_sUnvd.nist.gov11/10/2022accepted
70
1324323811/10/2022VulD...cvss3_cna_uiNnvd.nist.gov11/10/2022accepted
70
1324323711/10/2022VulD...cvss3_cna_prLnvd.nist.gov11/10/2022accepted
70
1324323611/10/2022VulD...cvss3_cna_acLnvd.nist.gov11/10/2022accepted
70
1324323511/10/2022VulD...cvss3_cna_avAnvd.nist.gov11/10/2022accepted
70
1324323411/10/2022VulD...cvss3_nvd_aHnvd.nist.gov11/10/2022accepted
70
1324323311/10/2022VulD...cvss3_nvd_iNnvd.nist.gov11/10/2022accepted
70
1324323211/10/2022VulD...cvss3_nvd_cNnvd.nist.gov11/10/2022accepted
70
1324323111/10/2022VulD...cvss3_nvd_sUnvd.nist.gov11/10/2022accepted
70
1324323011/10/2022VulD...cvss3_nvd_uiNnvd.nist.gov11/10/2022accepted
70
1324322911/10/2022VulD...cvss3_nvd_prLnvd.nist.gov11/10/2022accepted
70
1324322811/10/2022VulD...cvss3_nvd_acLnvd.nist.gov11/10/2022accepted
70

44 more entries are not shown

Do you need the next level of professionalism?

Upgrade your account now!