CVE-2022-3649

Published: Oct 21, 2022Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

Affected (14)

Products: Linux: Linux Kernel · Debian: Debian Linux · Netapp: Active Iq Unified Manager, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware

1 product

1 product

5 products

Active Iq Unified Manager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 4.9.331
Linux Linux Kernel	From 4.10 to 4.14.296
Linux Linux Kernel	From 4.15 to 4.19.262
Linux Linux Kernel	From 4.20 to 5.4.220
Linux Linux Kernel	From 5.11 to 5.15.74
Linux Linux Kernel	From 5.16 to 5.19.16
Linux Linux Kernel	From 5.5 to 5.10.148
Linux Linux Kernel	From 6.0 to 6.0.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09

Source: cna@vuldb.com

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20230214-0009/

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.211992

Source: cna@vuldb.com

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09