CVE-2022-28390

HIGH

Linux kernel <5.17.1 - Memory Corruption

Title source: llm

Description

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

References (8)

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646

View Patch ZIP pw:eip

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220513-0001/

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5127

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5173

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (15)

linux/linux_kernel < 5.17.1

fedoraproject/fedora

fedoraproject/fedora

fedoraproject/fedora

debian/debian_linux

debian/debian_linux

debian/debian_linux

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

netapp/hci_baseboard_management_controller

Timeline

Published Apr 03, 2022

Tracked Since Feb 18, 2026