CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.0004 Low (Percentile: 5.2%)

A vulnerability was found in the Linux kernel. It has been classified as
critical. This affects the functions devlink_param_set/devlink_param_get of
the file net/core/devlink.c of the component IPsec. The manipulation leads
to a use after free. It is recommended to apply a patch to fix this issue.
The identifier VDB-211929 was assigned to this vulnerability.

Author | Note |
---|---|
cascardo | The reported vulnerability is on mlxsw driver, and the Fixes: commit is the one introducing that vulnerability, which would be 98bbf70c1c41fb9547c3a18c0f1b96f6ebb8eb1d. However, we are opting to use 45f05def5c44c806f094709f1c9b03dcecdd54f0 as the introducing commit in case other drivers or the same driver decide to rely on that mitigation and introduce new features with the same kind of vulnerability. |

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-132.148 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-53.59 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1089.97 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1023.27 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1023.27~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1089.97~18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1095.101 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1023.29 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1023.29~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1095.101~18.04.1 | UNKNOWN |
git.kernel.org/linus/6b4db2e528f650c7fb712961aac36455468d5902 (6.0-rc1)
git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902
launchpad.net/bugs/cve/CVE-2022-3625
nvd.nist.gov/vuln/detail/CVE-2022-3625
security-tracker.debian.org/tracker/CVE-2022-3625
ubuntu.com/security/notices/USN-5728-1
ubuntu.com/security/notices/USN-5728-2
ubuntu.com/security/notices/USN-5728-3
ubuntu.com/security/notices/USN-5729-1
ubuntu.com/security/notices/USN-5729-2
www.cve.org/CVERecord?id=CVE-2022-3625