Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-28388

Опубликовано: 04 апр. 2022
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system.

Отчет

This issue is Moderate because this case doesn't lead to a kernel crash as result of the pointers reference check preventing actual second memory free. The only known attack scenario is the possibility of a denial of service.

Меры по смягчению последствий

To mitigate this issue, prevent module usb_8dev from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2023:690114.11.2023
Red Hat Enterprise Linux 8kernelFixedRHSA-2023:707714.11.2023
Red Hat Enterprise Linux 8.6 Extended Update SupportkernelFixedRHSA-2024:072407.02.2024
Red Hat Enterprise Linux 8.8 Extended Update SupportkernelFixedRHSA-2024:140419.03.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:245809.05.2023
Red Hat Enterprise Linux 9kernel-rtFixedRHSA-2023:214809.05.2023
Red Hat Enterprise Linux 9kernelFixedRHSA-2023:245809.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-415
https://bugzilla.redhat.com/show_bug.cgi?id=2073091kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c

EPSS

Процентиль: 1%
0.0001
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-28388

CVSS3: 5.5
ubuntu
около 3 лет назад

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

nvd логотип

CVE-2022-28388

CVSS3: 5.5
nvd
около 3 лет назад

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

msrc логотип

CVE-2022-28388

CVSS3: 5.5
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-28388

CVSS3: 5.5
debian
около 3 лет назад

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...

github логотип

GHSA-f446-9vw9-w973

CVSS3: 7.8
github
около 3 лет назад

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

EPSS

Процентиль: 1%
0.0001
Низкий

5.5 Medium

CVSS3