CVE-2022-3524 : A vulnerability was found in Linux Kernel. It has been declared as problematic.

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

Published 2022-10-16 10:15:10

Updated 2023-01-09 17:55:03

Source VulDB

View at NVD, CVE.org

Products affected by CVE-2022-3524

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 2.6.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.12 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.12
cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-3524

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3524

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	2.8	1.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-3524

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Assigned by:
- cna@vuldb.com (Primary)
- nvd@nist.gov (Secondary)
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2022-3524

https://vuldb.com/?id.211021

CVE-2022-3524 | Linux Kernel IPv6 ipv6_renew_options memory leak
Permissions Required;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html

[SECURITY] [DLA 3244-1] linux-5.10 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html

[SECURITY] [DLA 3245-1] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-3524

Products affected by CVE-2022-3524

Exploit prediction scoring system (EPSS) score for CVE-2022-3524

CVSS scores for CVE-2022-3524

CWE ids for CVE-2022-3524

References for CVE-2022-3524