CVE-2022-3534
17.10.2022, 09:15
A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dwarves-dfsg |
| ||||||||||||||||||
| libbpf |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libbpf-devel |
| ||||||||||||
| libbpf0 |
| ||||||||||||
| libbpf1 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| bpftool |
| ||
| bpftool-debuginfo |
| ||
| kernel |
| ||
| kernel-debuginfo |
| ||
| kernel-debuginfo-common-aarch64 |
| ||
| kernel-debuginfo-common-x86_64 |
| ||
| kernel-devel |
| ||
| kernel-headers |
| ||
| kernel-libbpf |
| ||
| kernel-libbpf-devel |
| ||
| kernel-libbpf-static |
| ||
| kernel-livepatch-6.1.10-15.42 |
| ||
| kernel-tools |
| ||
| kernel-tools-debuginfo |
| ||
| kernel-tools-devel |
| ||
| libbpf |
| ||
| libbpf-debuginfo |
| ||
| libbpf-devel |
| ||
| libbpf-static |
| ||
| perf |
| ||
| perf-debuginfo |
| ||
| python3-perf |
| ||
| python3-perf-debuginfo |
|
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-416 - Use After FreeReferencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
References