CVE-2022-3977
Summary
| CVE | CVE-2022-3977 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-01-12 19:15:00 UTC |
|---|
| Updated | 2023-04-11 18:15:00 UTC |
|---|
| Description | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| CVE-2022-3977 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| kernel/git/torvalds/linux.git - Linux kernel source tree |
MISC |
git.kernel.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 184018 Debian Security Update for linux (CVE-2022-3977)
- 199089 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5793-1)
- 199096 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5793-2)
- 199098 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5793-4)
- 199099 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5793-3)
