CVE-2022-28893

Public on 2022-04-11
Modified on 2023-03-28
Description
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Kernel-5.10 Extra kernel 2022-06-04 ALAS2KERNEL-5.10-2022-014 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2022-06-06 ALAS2KERNEL-5.15-2022-001 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-06-29 ALAS2KERNEL-5.15-2023-023 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-06-04 ALAS2KERNEL-5.4-2022-026 Fixed
Amazon Linux 2023 kernel 2023-02-17 ALAS2023-2023-070 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H