Linux Kernel skb drivers/net/macvlan.c macvlan_handle_frame Uskraćivanje usluge

Pronađena je ranjivost klasifikovana kao Problematiиno u Linux Kernel. Zahvaćeno je funkcija macvlan_handle_frame u fajlu drivers/net/macvlan.c u komponenti skb. Izmena rezultira Uskraćivanje usluge. Korišćenje CWE za deklarisanje problema vodi do CWE-401. Ova slabost je objavljena 10/16/2022. Obaveštenje je dostupno za preuzimanje na git.kernel.org. Ova ranjivost je označena kao CVE-2022-3526. Moguće je pokrenuti napad na daljinu. Napad mora biti izveden unutar lokalne mreže. Tehnički detalji su dostupni. Експлоит није доступан. Trenutno je cena za eksploataciju približno USD $0-$5k u ovom momentu. MITRE ATT&CK projekat deklariše tehniku napada kao T1499. Označeno je kao nije definisano. Kao 0-day, procenjena cena na crnom tržištu bila je oko $5k-$25k. Zakrpa može biti preuzeta sa git.kernel.org. Preporučuje se primena zakrpe kako bi se rešio ovaj problem. Once again VulDB remains the best source for vulnerability data.

3 Promene · 64 Tačke podataka

PoljeKreirali
10/16/2022 19:36		Ažurira 1/2
11/09/2022 14:12		Ažurira 2/2
11/09/2022 14:13
software_vendorLinuxLinuxLinux
software_nameKernelKernelKernel
software_componentskbskbskb
software_filedrivers/net/macvlan.cdrivers/net/macvlan.cdrivers/net/macvlan.c
software_functionmacvlan_handle_framemacvlan_handle_framemacvlan_handle_frame
vulnerability_cweCWE-401 (Uskraćivanje usluge)CWE-401 (Uskraćivanje usluge)CWE-401 (Uskraćivanje usluge)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
advisory_urlhttps://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442
countermeasure_nameZakrpaZakrpaZakrpa
countermeasure_patch_urlhttps://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442https://git.kernel.org/pub/scm/linux/kernel/git/pabeni/net-next.git/commit/?id=e16b859872b87650bb55b12cca5a5fcdc49c1442
source_cveCVE-2022-3526CVE-2022-3526CVE-2022-3526
cna_responsibleVulDBVulDBVulDB
advisory_date1665871200 (10/16/2022)1665871200 (10/16/2022)1665871200 (10/16/2022)
software_typeOperating SystemOperating SystemOperating System
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore4.44.44.4
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.15.15.1
cvss3_meta_basescore5.35.36.0
cvss3_meta_tempscore5.15.16.0
price_0day$5k-$25k$5k-$25k$5k-$25k
cve_assigned1665871200 (10/16/2022)1665871200 (10/16/2022)
cve_nvd_summaryA vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iN
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore7.5
cvss3_cna_basescore5.3

PrethodnePregledSledeжi

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!