CVE-2022-28390

HIGH

Linux kernel <5.17.1 - Memory Corruption

Title source: llm

STIX 2.1

Description

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

References (8)

Core 8

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646

View Patch ZIP pw:eip

Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/

Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/

Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2022/dsa-5127

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20220513-0001/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2022/dsa-5173

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (15)

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 34

fedoraproject/fedora 35

fedoraproject/fedora 36

linux/linux_kernel 2.6.32 - 5.17.1

netapp/hci_baseboard_management_controller h300e

netapp/hci_baseboard_management_controller h300s

netapp/hci_baseboard_management_controller h410c

... and 5 more

Published Apr 03, 2022

Tracked Since Feb 18, 2026