CVE - CVE-2022-3028

CVE-ID
CVE-2022-3028	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20230214-0004/ FEDORA:FEDORA-2022-35c14ba5bb URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/ FEDORA:FEDORA-2022-6835ddb6d8 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/ FEDORA:FEDORA-2022-ccb0138bb6 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/ MISC:https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 URL:https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 MISC:https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/ URL:https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/ MLIST:[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html MLIST:[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update URL:https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20220829	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220829)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)