CVE-2022-28893 Information

Jun 07, 2022 cve

Description

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a http://www.openwall.com/lists/oss-security/2022/04/11/4 http://www.openwall.com/lists/oss-security/2022/04/11/3 http://www.openwall.com/lists/oss-security/2022/04/11/5 https://security.netapp.com/advisory/ntap-20220526-0002/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: