Linux Kernel IPsec nfp_cppcore.c area_cache_get Korupcija memorije

Pronađena je ranjivost klasifikovana kao Kritične u Linux Kernel. Zahvaćeno je funkcija area_cache_get u fajlu drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c u komponenti IPsec. Izmena rezultira Korupcija memorije. Upotreba CWE za identifikaciju problema vodi ka CWE-416. Ova slabost je objavljena 10/17/2022. Izveštaj je podeljen za preuzimanje na git.kernel.org. Ova bezbednosna slabost se vodi pod oznakom CVE-2022-3545. Tehničke informacije su dostupne. Експлоит није доступан. Trenutno je cena za eksploataciju približno USD $0-$5k u ovom momentu. Proglašeno je za nije definisano. Kao 0-day, procenjena podzemna cena iznosila je oko $5k-$25k. Zakrpa je dostupna za preuzimanje na git.kernel.org. Preporučuje se instalacija zakrpe radi otklanjanja ovog problema. Ova ranjivost je zabeležena i u drugim bazama podataka o ranjivostima: Tenable (236648). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

5 Promene · 87 Tačke podataka

PoljeKreirali
10/17/2022 13:24		Ažurira 1/4
11/09/2022 16:45		Ažurira 2/4
11/09/2022 16:52		Ažurira 3/4
05/18/2025 21:54		Ažurira 4/4
10/17/2025 05:14
software_vendorLinuxLinuxLinuxLinuxLinux
software_nameKernelKernelKernelKernelKernel
software_componentIPsecIPsecIPsecIPsecIPsec
software_filedrivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.cdrivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.cdrivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.cdrivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.cdrivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c
software_functionarea_cache_getarea_cache_getarea_cache_getarea_cache_getarea_cache_get
vulnerability_cweCWE-416 (Korupcija memorije)CWE-416 (Korupcija memorije)CWE-416 (Korupcija memorije)CWE-416 (Korupcija memorije)CWE-416 (Korupcija memorije)
vulnerability_risk22222
cvss3_vuldb_uiNNNNN
cvss3_vuldb_sUUUUU
cvss3_vuldb_cLLLLL
cvss3_vuldb_iLLLLL
cvss3_vuldb_aLLLLL
cvss3_vuldb_rlOOOOO
cvss3_vuldb_rcCCCCC
advisory_urlhttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
countermeasure_nameZakrpaZakrpaZakrpaZakrpaZakrpa
countermeasure_patch_urlhttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86ahttps://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
source_cveCVE-2022-3545CVE-2022-3545CVE-2022-3545CVE-2022-3545CVE-2022-3545
cna_responsibleVulDBVulDBVulDBVulDBVulDB
advisory_date1665957600 (10/17/2022)1665957600 (10/17/2022)1665957600 (10/17/2022)1665957600 (10/17/2022)1665957600 (10/17/2022)
software_typeOperating SystemOperating SystemOperating SystemOperating SystemOperating System
cvss2_vuldb_ciPPPPP
cvss2_vuldb_iiPPPPP
cvss2_vuldb_aiPPPPP
cvss2_vuldb_rcCCCCC
cvss2_vuldb_rlOFOFOFOFOF
cvss2_vuldb_avAAAAA
cvss2_vuldb_acMMMMM
cvss2_vuldb_auSSSSS
cvss2_vuldb_eNDNDNDNDND
cvss3_vuldb_avAAAAA
cvss3_vuldb_acLLLLL
cvss3_vuldb_prLLLLL
cvss3_vuldb_eXXXXX
cvss2_vuldb_basescore4.94.94.94.94.9
cvss2_vuldb_tempscore4.34.34.34.34.3
cvss3_vuldb_basescore5.55.55.55.55.5
cvss3_vuldb_tempscore5.35.35.35.35.3
cvss3_meta_basescore5.55.56.36.36.3
cvss3_meta_tempscore5.35.36.26.26.2
price_0day$5k-$25k$5k-$25k$5k-$25k$5k-$25k$5k-$25k
cve_assigned1665957600 (10/17/2022)1665957600 (10/17/2022)1665957600 (10/17/2022)1665957600 (10/17/2022)
cve_nvd_summaryA vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
cvss3_cna_avAAA
cvss3_cna_acLLL
cvss3_cna_prLLL
cvss3_cna_uiNNN
cvss3_cna_sUUU
cvss3_cna_cLLL
cvss3_cna_iLLL
cvss3_cna_aLLL
cve_cnaVulDBVulDBVulDB
cvss3_nvd_basescore7.87.87.8
cvss3_cna_basescore5.55.55.5
nessus_id236648236648
nessus_nameAlibaba Cloud Linux 3 : 0002: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0002)Alibaba Cloud Linux 3 : 0002: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0002)
cvss4_vuldb_avAA
cvss4_vuldb_acLL
cvss4_vuldb_prLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcLL
cvss4_vuldb_viLL
cvss4_vuldb_vaLL
cvss4_vuldb_eXX
cvss4_vuldb_atNN
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss4_vuldb_bscore5.15.1
cvss4_vuldb_btscore5.15.1
certbund_widWID-SEC-2024-1086
certbund_classification3
certbund_published1760609329 (10/16/2025)
certbund_titleIBM QRadar SIEM: Mehrere Schwachstellen
certbund_productsSUSE Linux IBM QRadar SIEM
certbund_basescore9.8
certbund_nopatch0

PrethodnePregledSledeжi

Do you know our Splunk app?

Download it now for free!