{"id":"CVE-2022-3028","details":"A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to trigger an out-of-bounds write, or to leak kernel heap memory by performing an out-of-bounds read and copying the data read into a socket.","modified":"2026-04-16T04:35:36.250230526Z","published":"2022-08-31T16:15:11.867Z","related":["ALSA-2023:2148","ALSA-2023:2458","ALSA-2023:2736","ALSA-2023:2951","SUSE-SU-2022:3263-1","SUSE-SU-2022:3264-1","SUSE-SU-2022:3265-1","SUSE-SU-2022:3274-1","SUSE-SU-2022:3282-1","SUSE-SU-2022:3288-1","SUSE-SU-2022:3291-1","SUSE-SU-2022:3293-1","SUSE-SU-2022:3294-1","SUSE-SU-2022:3408-1","SUSE-SU-2022:3422-1","SUSE-SU-2022:3450-1","SUSE-SU-2022:3609-1","SUSE-SU-2022:3809-1","SUSE-SU-2022:4617-1","SUSE-SU-2023:0416-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/"},{"type":"WEB","url":"https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230214-0004/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3028.json","unresolved_ranges":[{"events"
:[{"introduced":"3.14"},{"fixed":"4.9.327"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.292"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.257"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.212"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.140"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.64"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.19.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}