Bug 1204484 (CVE-2022-3593) - VUL-1: CVE-2022-3593: iproute2: memory leak in mptcp_limit_get_set() (ip/ipmptcp.c)
Summary: VUL-1: CVE-2022-3593: iproute2: memory leak in mptcp_limit_get_set() (ip/ipmp...
Status: RESOLVED WONTFIX
Alias: CVE-2022-3593
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/345717/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-3593:3.3:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-19 09:39 UTC by Robert Frohl
Modified: 2024-07-04 09:12 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2022-10-19 09:39:21 UTC 
CVE-2022-3593

A vulnerability was found in Linux Kernel. It has been classified as
problematic. Affected is the function mptcp_limit_get_set of the file
ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak.
It is possible to launch the attack remotely. It is recommended to apply a patch
to fix this issue. VDB-211362 is the identifier assigned to this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3593
https://www.cve.org/CVERecord?id=CVE-2022-3593
https://vuldb.com/?id.211362
https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=2cb76253ed852559a4f2b315f5e23457a15d71e5
Comment 1 Robert Frohl 2022-10-19 09:40:11 UTC 
tracking as affected:

- SUSE:SLE-15-SP4:Update/iproute2
Comment 2 Marcus Meissner 2023-09-18 09:45:49 UTC 
CVE was rejected