CVE-2022-3633 - OpenCVE

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6	Mailing List Patch Vendor Advisory
https://vuldb.com/?ctiid.211932	Third Party Advisory
https://vuldb.com/?id.211932	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-10-21T00:00:00

Updated: 2023-10-20T14:03:55.871Z

Reserved: 2022-10-21T00:00:00

Link: CVE-2022-3633

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-21T11:15:09.473

Modified: 2024-05-17T02:13:01.240

Link: CVE-2022-3633

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3633", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2023-10-20T14:03:55.871Z", "dateReserved": "2022-10-21T00:00:00", "datePublished": "2022-10-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T14:03:55.871Z"}, "title": "Linux Kernel transport.c j1939_session_destroy memory leak", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-401", "lang": "en", "description": "CWE-401 Memory Leak"}]}], "affected": [{"vendor": "Linux", "product": "Kernel", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Linux Kernel entdeckt. Es geht dabei um die Funktion j1939_session_destroy der Datei net/can/j1939/transport.c. Mittels Manipulieren mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2022-10-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2022-10-21T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2022-10-21T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-03T12:45:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.211932", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.211932", "tags": ["signature", "permissions-required"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6", "tags": ["patch"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en el Kernel de Linux. Est\u00e1 afectada la funci\u00f3n j1939_session_destroy del archivo net/can/j1939/transport.c del componente IPsec. La manipulaci\u00f3n conlleva a una p\u00e9rdida de memoria. Es recomendado aplicar un parche para corregir este problema. El identificador de esta vulnerabilidad es VDB-211932"}], "id": "CVE-2022-3633", "lastModified": "2024-05-17T02:13:01.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-10-21T11:15:09.473", "references": [{"source": "cna@vuldb.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.211932"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.211932"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Secondary"}]}