Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.
CVE-2022-3643
Score 10.0 from GitHub Security Advisory (severity: CRITICAL) published 2022-12-07. NVD baseline CVSS 6.5; sources differ by 3.5.
- Lower severity and no public exploit yet
A fix is available — apply it.
- CVSS v3
- 6.5
- EG Score
- 10.0(medium)
- EPSS
- 37.1%
- KEV
- Not listed
Published
December 7, 2022
Last Modified
November 21, 2024
References (10)
- security@xenhttp://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
- security@xenhttp://www.openwall.com/lists/oss-security/2022/12/07/2
- security@xenhttps://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
- security@xenhttps://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
- security@xenhttps://xenbits.xenproject.org/xsa/advisory-423.txt
- af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
- af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2022/12/07/2
- af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
- af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
- af854a3a-2127-422b-91ae-364da2661108https://xenbits.xenproject.org/xsa/advisory-423.txt
Patch Availability(20)
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
All Vendor Advisories
(20)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
- UbuntuLSN-0099-1MEDIUM
Kernel Live Patch Security Notice
- UbuntuUSN-5794-1MEDIUM
Linux kernel (AWS) vulnerabilities
- UbuntuUSN-5802-1MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5803-1MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5804-1MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5804-2MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5808-1MEDIUM
Linux kernel (IBM) vulnerabilities
- UbuntuUSN-5813-1MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5814-1MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5829-1MEDIUM
Linux kernel (Raspberry Pi) vulnerabilities
- UbuntuUSN-5830-1MEDIUM
Linux kernel vulnerabilities
- UbuntuUSN-5831-1MEDIUM
Linux kernel (Azure CVM) vulnerabilities
- UbuntuUSN-5832-1MEDIUM
Linux kernel (Raspberry Pi) vulnerabilities
- UbuntuUSN-5860-1MEDIUM
Linux kernel (GKE) vulnerabilities
- UbuntuUSN-5861-1MEDIUM
Linux kernel (Dell300x) vulnerabilities
- UbuntuUSN-5863-1MEDIUM
Linux kernel (Azure) vulnerabilities
- UbuntuUSN-5875-1MEDIUM
Linux kernel (GKE) vulnerabilities
- UbuntuUSN-5877-1MEDIUM
Linux kernel (GKE) vulnerabilities
- UbuntuUSN-5879-1MEDIUM
Linux kernel (HWE) vulnerabilities
- UbuntuUSN-5918-1MEDIUM
Linux kernel (BlueField) vulnerabilities
Data Freshness Timeline
(refreshed 10× in last 7d / 47× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-12 05:44 UTCEPSS rescore
- 2026-07-12 05:44 UTCEPSS rescore
- 2026-07-11 08:25 UTCEPSS rescore
- 2026-07-09 19:08 UTCEPSS rescore
- 2026-07-08 15:12 UTCEPSS rescore
- 2026-07-07 13:44 UTCEPSS rescore
- 2026-07-06 16:25 UTCEPSS rescore
- 2026-07-06 16:25 UTCEPSS rescore
- 2026-07-06 02:21 UTCEPSS rescore
- 2026-07-06 02:21 UTCEPSS rescore
- 2026-07-05 02:28 UTCEPSS rescore
- 2026-07-04 06:29 UTCEPSS rescore
- 2026-07-04 06:29 UTCEPSS rescore
- 2026-07-01 15:04 UTCEPSS rescore
- 2026-06-30 23:20 UTCEPSS rescore
- 2026-06-30 23:20 UTCEPSS rescore
- 2026-06-29 14:04 UTCEPSS rescore
- 2026-06-28 14:06 UTCEPSS rescore
- 2026-06-28 12:19 UTCOSV refresh
- 2026-06-28 04:54 UTCEPSS rescore
- 2026-06-28 04:54 UTCEPSS rescore
- 2026-06-27 03:07 UTCEPSS rescore
- 2026-06-27 03:07 UTCEPSS rescore
- 2026-06-25 13:48 UTCEPSS rescore
- 2026-06-25 13:48 UTCEPSS rescore
Show 64 moreShow fewer
- 2026-06-24 14:03 UTCEPSS rescore
- 2026-06-24 14:03 UTCEPSS rescore
- 2026-06-23 21:31 UTCEPSS rescore
- 2026-06-23 21:31 UTCEPSS rescore
- 2026-06-22 14:24 UTCEPSS rescore
- 2026-06-22 14:24 UTCEPSS rescore
- 2026-06-21 14:55 UTCEPSS rescore
- 2026-06-21 14:55 UTCEPSS rescore
- 2026-06-21 01:58 UTCEPSS rescore
- 2026-06-21 01:58 UTCEPSS rescore
- 2026-06-19 19:24 UTCEPSS rescore
- 2026-06-19 19:24 UTCEPSS rescore
- 2026-06-18 17:51 UTCEPSS rescore
- 2026-06-18 17:51 UTCEPSS rescore
- 2026-06-17 17:51 UTCEPSS rescore
- 2026-06-17 17:51 UTCEPSS rescore
- 2026-06-16 17:51 UTCEPSS rescore
- 2026-06-15 17:46 UTCEPSS rescore
- 2026-06-14 23:15 UTCEPSS rescore
- 2026-06-13 22:58 UTCEPSS rescore
- 2026-06-12 23:10 UTCEPSS rescore
- 2026-06-12 23:10 UTCEPSS rescore
- 2026-06-11 13:58 UTCEPSS rescore
- 2026-06-11 13:58 UTCEPSS rescore
- 2026-06-10 22:44 UTCOSV refresh
- 2026-06-10 22:17 UTCEPSS rescore
- 2026-06-10 13:20 UTCEPSS rescore
- 2026-06-08 14:15 UTCEPSS rescore
- 2026-06-08 14:15 UTCEPSS rescore
- 2026-06-07 15:23 UTCEPSS rescore
- 2026-06-07 15:23 UTCEPSS rescore
- 2026-06-06 13:46 UTCEPSS rescore
- 2026-06-06 13:46 UTCEPSS rescore
- 2026-06-06 13:46 UTCEPSS rescore
- 2026-06-05 22:46 UTCEPSS rescore
- 2026-06-05 22:45 UTCEPSS rescore
- 2026-06-05 06:09 UTCEPSS rescore
- 2026-06-05 06:09 UTCEPSS rescore
- 2026-06-04 13:11 UTCEPSS rescore
- 2026-06-04 13:11 UTCEPSS rescore
- 2026-06-02 20:11 UTCEPSS rescore
- 2026-06-02 20:11 UTCEPSS rescore
- 2026-06-01 13:50 UTCEPSS rescore
- 2026-06-01 13:50 UTCEPSS rescore
- 2026-05-31 22:29 UTCEPSS rescore
- 2026-05-31 22:29 UTCEPSS rescore
- 2026-05-31 22:29 UTCEPSS rescore
- 2026-05-31 00:15 UTCEPSS rescore
- 2026-05-31 00:15 UTCEPSS rescore
- 2026-05-29 13:43 UTCEPSS rescore
- 2026-05-29 13:43 UTCEPSS rescore
- 2026-05-28 13:43 UTCEPSS rescore
- 2026-05-28 13:43 UTCEPSS rescore
- 2026-05-27 13:39 UTCEPSS rescore
- 2026-05-27 13:39 UTCEPSS rescore
- 2026-05-26 13:43 UTCEPSS rescore
- 2026-05-26 13:43 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-26 07:17 UTCEPSS rescore
- 2026-05-25 11:08 UTCEG score recompute
- 2026-05-25 11:08 UTCVendor advisory
- 2026-05-25 11:07 UTCGHSA enrichment
- 2026-05-24 16:51 UTCEPSS rescore
Related CVEs(same vendor + same CWE)
Same vendor
10 shownubuntu
Same CWE
10 shownCWE-74
- CVE-2015-10062NVD 5.5EG 9.8MEDIUM
- CVE-2015-10027NVD 5.5EG 9.8MEDIUM
- CVE-2016-15007NVD 5.5EG 9.8MEDIUM
- CVE-2016-15004NVD 7.3EG 9.8HIGH
- CVE-2013-4144EG 9.8CRITICAL
- CVE-2013-7487EG 9.8CRITICAL
- CVE-2014-4678EG 9.8EPSS 92%CRITICAL
- CVE-2014-4967EG 9.8CRITICAL
- CVE-2014-4966EG 9.8CRITICAL
- CVE-2013-7381EG 9.8CRITICAL
Frequently asked(5)
What is CVE-2022-3643?
When was CVE-2022-3643 disclosed?
Is CVE-2022-3643 actively exploited?
What is the CVSS score of CVE-2022-3643?
How do I remediate CVE-2022-3643?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2022-3643
Is Your Infrastructure Affected by CVE-2022-3643?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.