vulnerability
Arch Linux: Denial of service (CVE-2022-3524)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Oct 16, 2022 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Oct 16, 2022
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
memory leak in ipv6_renew_options() when one thread is converting an IPv6 socket into IPv4 with IPV6_ADDRFORM while another thread calls do_ipv6_setsockopt() and allocates memory to inet6_sk(sk)->XXX after conversion because the converted sk with (tcp|udp)_prot never frees the IPv6 resources, which inet6_destroy_sock() should have cleaned up
Solution
arch-linux-upgrade-latest
References
- CVE-2022-3524
- https://attackerkb.com/topics/CVE-2022-3524
- URL-https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11
- URL-https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
- URL-https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
- URL-https://vuldb.com/?id.211021
- CWE-404
- CWE-401
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.