Linux Kernel IPsec drivers/atm/idt77252.c tst_timer use after free

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. Using CWE to declare the problem leads to CWE-416. The weakness was shared 10/21/2022 as DLA 3173-1. The advisory is available at git.kernel.org. This vulnerability is handled as CVE-2022-3635. The attack can only be initiated within the local network. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. It is declared as not defined. As 0-day the estimated underground price was around $5k-$25k. The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

139

Field

vulnerability_cvss3_meta_tempscore2
vulnerability_cvss3_meta_basescore2
vulnerability_cvss3_cna_basescore1
vulnerability_cvss3_nvd_basescore1
source_cve_cna1

Commit Conf

90%31
70%20
50%13
100%1

Approve Conf

90%31
70%20
80%13
100%1
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1328268511/19/2022VulD...cvss3_cna_basescore5.5see CVSS documentation11/19/2022accepted
90
1328268411/19/2022VulD...cvss3_nvd_basescore7.0nist.gov11/19/2022accepted
90
1328268311/19/2022VulD...cvss3_meta_tempscore5.9see CVSS documentation11/19/2022accepted
90
1328268211/19/2022VulD...cvss3_meta_basescore6.0see CVSS documentation11/19/2022accepted
90
1328268111/19/2022VulD...cve_cnaVulDBnvd.nist.gov11/19/2022accepted
70
1328268011/19/2022VulD...cvss3_cna_aLnvd.nist.gov11/19/2022accepted
70
1328267911/19/2022VulD...cvss3_cna_iLnvd.nist.gov11/19/2022accepted
70
1328267811/19/2022VulD...cvss3_cna_cLnvd.nist.gov11/19/2022accepted
70
1328267711/19/2022VulD...cvss3_cna_sUnvd.nist.gov11/19/2022accepted
70
1328267611/19/2022VulD...cvss3_cna_uiNnvd.nist.gov11/19/2022accepted
70
1328267511/19/2022VulD...cvss3_cna_prLnvd.nist.gov11/19/2022accepted
70
1328267411/19/2022VulD...cvss3_cna_acLnvd.nist.gov11/19/2022accepted
70
1328267311/19/2022VulD...cvss3_cna_avAnvd.nist.gov11/19/2022accepted
70
1328267211/19/2022VulD...cvss3_nvd_aHnvd.nist.gov11/19/2022accepted
70
1328267111/19/2022VulD...cvss3_nvd_iHnvd.nist.gov11/19/2022accepted
70
1328267011/19/2022VulD...cvss3_nvd_cHnvd.nist.gov11/19/2022accepted
70
1328266911/19/2022VulD...cvss3_nvd_sUnvd.nist.gov11/19/2022accepted
70
1328266811/19/2022VulD...cvss3_nvd_uiNnvd.nist.gov11/19/2022accepted
70
1328266711/19/2022VulD...cvss3_nvd_prLnvd.nist.gov11/19/2022accepted
70
1328266611/19/2022VulD...cvss3_nvd_acHnvd.nist.gov11/19/2022accepted
70

45 more entries are not shown

Do you want to use VulDB in your project?

Use the official API to access entries easily!