CVE-2022-3594

Linux Kernel BPF r8152.c intr_callback logging of excessive data

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.

Se ha encontrado una vulnerabilidad en el Kernel de Linux. Ha sido declarada como problemática. Esta vulnerabilidad afecta a la función intr_callback del archivo drivers/net/usb/r8152.c del componente BPF. La manipulación conlleva a un registro de datos excesivos. El ataque puede ser lanzado de forma remota. Es recomendado aplicar un parche para corregir este problema. El identificador asociado a esta vulnerabilidad es VDB-211363

A vulnerability was found in intr_callback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely.

*Credits: N/A

CVSS Scores

NISTv3.1 5.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-18 CVE Reserved
2022-10-18 CVE Published
2024-08-03 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-404: Improper Resource Shutdown or Release
CWE-779: Logging of Excessive Data

CAPEC

References (6)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html	Mailing List
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html	Mailing List
https://vuldb.com/?id.211363	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907	2023-11-07

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-3594	2024-03-19
https://bugzilla.redhat.com/show_bug.cgi?id=2149024	2024-03-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected