CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
12.6%
A vulnerability was found in Linux Kernel. It has been rated as
problematic. Affected by this issue is the function sess_free_buffer of the
file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads
to double free. It is recommended to apply a patch to fix this issue. The
identifier of this vulnerability is VDB-211364.
Author | Note |
---|---|
rodrigo-zaiden | the vulnerable commit itself (without the fix commit), is not present in any released version, hence all versions are not-affected. in linux-azure kernel for Jammy (5.15), both vulnerable and fix commits are included as a patchset to update CIFS to 6.5 in version 5.15.0-1051.59, so, this kernel is still not-affected as the vulnerable code can not be found without the fix commit in any release. |
git.kernel.org/linus/b854b4ee66437e6e1622fda90529c814978cb4ca
git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b854b4ee66437e6e1622fda90529c814978cb4ca
launchpad.net/bugs/cve/CVE-2022-3595
nvd.nist.gov/vuln/detail/CVE-2022-3595
security-tracker.debian.org/tracker/CVE-2022-3595
www.cve.org/CVERecord?id=CVE-2022-3595