CVE-2022-3524 An issue was found in the Linux Kernel IPv6 renewal functionality. A memory leak vulnerability can be triggered by sending a specially crafted packet.

An issue has been found in the Linux Kernel. It is caused due to the vulnerability in the function of ipv6_renew_options. The exploitation of this vulnerability leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. An issue was found in Linux Kernel. It is caused due to the vulnerability in the function of _ipv6_ifa_set. The exploitation of this vulnerability leads to remote code execution. It can be exploited over SSH. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

CVE-2023-3527

An issue has been found in the Linux Kernel. It is caused due to the vulnerability in the function of ip6_append_data. The exploitation of this vulnerability leads to memory leak. This attack can be launched remotely over SSH. The identifier VDB-211023 was assigned to this vulnerability. An issue was found in Linux Kernel. It is caused due to the vulnerability in the function of _ip6_append_data. The exploitation of this vulnerability leads to remote code execution over SSH. This attack can be launched remotely over SSH. The identifier VDB-211023 was assigned to this vulnerability.

Linux Kernel - CVE-2021-3523

An issue has been found in the Linux Kernel. It is caused due to the vulnerability in the function of ipv6_dev_expire. The exploitation of this vulnerability leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211048 was assigned to this vulnerability. An issue has been found in the Linux Kernel. It is caused due to the vulnerability in the function of ipv6_tcp_do_metrics3. The exploitation of this vulnerability leads to memory leak and remote code execution. It can be exploited over SSH. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211048 was assigned to this vulnerability.

Vulnerability discovery and finding root cause

Linux Kernel is vulnerable to this issue. The issue was discovered by VDB-211021. This vulnerability can be exploited remotely. The attack can be launched using a malicious SSH server.

Timeline

Published on: 10/16/2022 10:15:00 UTC
Last modified on: 10/19/2022 04:36:00 UTC

References

• https://vuldb.com/?id.211021
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3524