CVE-2022-3545

Published: Oct 17, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.

Affected (12)

Products: Linux: Linux Kernel · Netapp: H410c Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · Debian: Debian Linux

1 product

5 products

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.11 to 4.14.303
Linux Linux Kernel	From 4.15 to 4.19.270
Linux Linux Kernel	From 4.20 to 5.4.228
Linux Linux Kernel	From 5.11 to 5.15.84
Linux Linux Kernel	From 5.5 to 5.10.160

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration G

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a

Source: cna@vuldb.com

Patch

https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20221223-0003/

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.211045

Source: cna@vuldb.com

Third Party Advisory

https://www.debian.org/security/2023/dsa-5324

Source: cna@vuldb.com

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a