CVE-2022-3649 LOW

CVE-2022-3649: Linux Kernel BPF inode.c nilfs_new_inode use after free

Vendor Linux
Product Kernel
Weakness CWE-119
Published October 21, 2022
Last update August 3, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

Key dates

02Disclosure timeline

October 21, 2022 CVE published
August 3, 2024 Record updated