CVE-2022-3646

Published: 07 Oct 2022
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

A flaw was found in the NILFS2 file system implementation in the Linux kernel. If nilfs_attach_log_writer() failed to create a log writer thread, it freed a data structure of the log writer without any cleanup, causing a leak of struct nilfs_root. A user permitted to mount arbitrary file system images could use this flaw to cause a denial of service (resource exhaustion).

Statement

Red Hat Enterprise Linux is not affected by this flaw as NILFS2 file system support (CONFIG_NILFS2_FS) is not enabled in any current shipping kernels.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-401
Defect: CWE-404
https://bugzilla.redhat.com/show_bug.cgi?id=2155501 (kernel: nilfs2: memory leak in nilfs_attach_log_writer in fs/nilfs2/segment.c)

EPSS: 0.0026 (percentile: 49%, Low)

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 3.1
ubuntu
more than 3 years ago

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

CVSS3: 3.1
nvd
more than 3 years ago

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

CVSS3: 3.1
debian
more than 3 years ago

A vulnerability, which was classified as problematic, has been found i ...

CVSS3: 5.3
github
more than 3 years ago

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

CVSS3: 5.3
fstec
more than 3 years ago

A vulnerability in the nilfs_attach_log_writer function (fs/nilfs2/segment.c) of the BPF component of the Linux operating system kernel that allows an attacker to cause a denial of service
