Lucene search

K
redhatcveRedhat.comRH:CVE-2022-3625
HistoryNov 24, 2022 - 3:56 a.m.

CVE-2022-3625

2022-11-2403:56:00
redhat.com
access.redhat.com
21
netlink interface
linux kernel
use-after-free
network device drivers
denial of service
arbitrary code
mitigation.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

12.6%

A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of service (system crash) or execute arbitrary code.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

12.6%