VDB-211021 · CVE-2022-3524 · Nessus 236648

Linux Kernel IPv6 ipv6_renew_options Uskraćivanje usluge

Pronađena je ranjivost klasifikovana kao Problematiиno u Linux Kernel. Zahvaćeno je funkcija ipv6_renew_options u komponenti IPv6 Handler. Izmena rezultira Uskraćivanje usluge. Upotreba CWE za identifikaciju problema vodi ka CWE-401. Ova slabost je objavljena 10/16/2022. Izveštaj je podeljen za preuzimanje na git.kernel.org. Ova bezbednosna slabost se vodi pod oznakom CVE-2022-3524. Postoji mogućnost pokretanja napada sa udaljene lokacije. Napad se mora sprovesti u okviru lokalne mreže. Tehničke informacije su dostupne. Експлоит није доступан. Trenutno je cena za eksploataciju približno USD $0-$5k u ovom momentu. MITRE ATT&CK projekat navodi tehniku napada kao T1499. Proglašeno je za nije definisano. Kao 0-day, procenjena podzemna cena iznosila je oko $0-$5k. Zakrpa je dostupna za preuzimanje na git.kernel.org. Preporučuje se instalacija zakrpe radi otklanjanja ovog problema. Ova ranjivost je zabeležena i u drugim bazama podataka o ranjivostima: Tenable (236648). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 Promene · 79 Tačke podataka

Polje	Kreirali 10/16/2022 10:22	Ažurira 1/3 11/09/2022 13:52	Ažurira 2/3 11/09/2022 13:58	Ažurira 3/3 05/18/2025 21:54
software_vendor	Linux	Linux	Linux	Linux
software_name	Kernel	Kernel	Kernel	Kernel
software_component	IPv6 Handler	IPv6 Handler	IPv6 Handler	IPv6 Handler
software_function	ipv6_renew_options	ipv6_renew_options	ipv6_renew_options	ipv6_renew_options
vulnerability_cwe	CWE-401 (Uskraćivanje usluge)	CWE-401 (Uskraćivanje usluge)	CWE-401 (Uskraćivanje usluge)	CWE-401 (Uskraćivanje usluge)
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	N	N	N	N
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_rl	O	O	O	O
cvss3_vuldb_rc	C	C	C	C
advisory_url	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11
countermeasure_name	Zakrpa	Zakrpa	Zakrpa	Zakrpa
countermeasure_patch_url	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11
source_cve	CVE-2022-3524	CVE-2022-3524	CVE-2022-3524	CVE-2022-3524
cna_responsible	VulDB	VulDB	VulDB	VulDB
advisory_date	1665871200 (10/16/2022)	1665871200 (10/16/2022)	1665871200 (10/16/2022)	1665871200 (10/16/2022)
software_type	Operating System	Operating System	Operating System	Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	N	N	N	N
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_rc	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_e	ND	ND	ND	ND
cvss3_vuldb_e	X	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5	3.5
cvss3_vuldb_basescore	4.3	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1	4.1
cvss3_meta_basescore	4.3	4.3	5.4	5.4
cvss3_meta_tempscore	4.1	4.1	5.3	5.3
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1665871200 (10/16/2022)	1665871200 (10/16/2022)	1665871200 (10/16/2022)
cve_nvd_summary		A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.	A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.	A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.
cvss3_nvd_av			N	N
cvss3_nvd_ac			L	L
cvss3_nvd_pr			N	N
cvss3_nvd_ui			N	N
cvss3_nvd_s			U	U
cvss3_nvd_c			N	N
cvss3_nvd_i			N	N
cvss3_nvd_a			H	H
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			N	N
cvss3_cna_i			N	N
cvss3_cna_a			L	L
cve_cna			VulDB	VulDB
cvss3_nvd_basescore			7.5	7.5
cvss3_cna_basescore			4.3	4.3
nessus_id				236648
nessus_name				Alibaba Cloud Linux 3 : 0002: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0002)
cvss4_vuldb_av				N
cvss4_vuldb_ac				L
cvss4_vuldb_pr				L
cvss4_vuldb_ui				N
cvss4_vuldb_vc				N
cvss4_vuldb_vi				N
cvss4_vuldb_va				L
cvss4_vuldb_e				X
cvss4_vuldb_at				N
cvss4_vuldb_sc				N
cvss4_vuldb_si				N
cvss4_vuldb_sa				N
cvss4_vuldb_bscore				5.3
cvss4_vuldb_btscore				5.3

◂ Prethodne Pregled Sledeжi ▸

Do you need the next level of professionalism?

Upgrade your account now!