Vulnerability Description
Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.9, <= 5.18 |
| Xen | Xen | - |
| Debian | Debian Linux | 11.0 |
References
- http://www.openwall.com/lists/oss-security/2022/07/05/5 (Mailing List, Patch, Third Party Advisory)
- http://xenbits.xen.org/xsa/advisory-405.html (Patch, Vendor Advisory)
- https://www.debian.org/security/2022/dsa-5191 (Third Party Advisory)
- https://xenbits.xenproject.org/xsa/advisory-405.txt (Vendor Advisory)
FAQ
What is CVE-2022-33743?
CVE-2022-33743 is a vulnerability with a CVSS score of 7.8 (HIGH). Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retaine...
How severe is CVE-2022-33743?
CVE-2022-33743 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-33743?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Xen Xen, Debian Debian Linux.