CVE-2022-3541
MEDIUMLinux Kernel 5.19-5.19.16 - Use-After-Free in spl2sw_nvmem_get_mac_address
Title source: llmDescription
A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability.
References (3)
Core 3
Core References
Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=12aece8b01507a2d357a1861f470e83621fbb6f2
Broken Link, Third Party Advisory
https://security.netapp.com/advisory/ntap-20221228-0001/
Third Party Advisory
https://vuldb.com/?id.211041
Scores
CVSS v3
5.5
EPSS
0.0033
EPSS Percentile
25.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
Status
published
Products (1)
linux/linux_kernel
5.19 - 5.19.17
Published
Oct 17, 2022
Tracked Since
Feb 18, 2026