VIR Vulnerability Intelligence Relay

CVE-2022-29581

medium
Published 2022-11-15 Β· Modified 2022-11-18
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

Moderate: kernel security, bug fix, and enhancement update

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c Red Hat statement Keeping the impact Moderate, because only memory leak can happen by default, and both hard to reproduce (at least reproducer not exists yet). CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c

Red Hat statement

Keeping the impact Moderate, because only memory leak can happen by default, and both hard to reproduce (at least reproducer not exists yet).

CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-425.3.1.rt7.213.el8RHSA-2022:74442022-11-08T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-425.3.1.el8RHSA-2022:76832022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Supportkernel-0:4.18.0-372.93.1.el8_6RHSA-2024:09302024-02-21T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-162.6.1.el9_1RHSA-2022:82672022-11-15T00:00:00Z
Red Hat Enterprise Linux 9kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1RHSA-2022:79332022-11-15T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-162.6.1.el9_1RHSA-2022:82672022-11-15T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernel-0:4.18.0-372.93.1.el8_6RHSA-2024:09302024-02-21T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope

Apply commands

bash fix
Apply RHSA-2022:7444 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
almalinux AlmaLinux Fixed 2 releases
VersionStatusFixed in
9 Fixed kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1.x86_64.rpm
8 Fixed kernel-doc-4.18.0-425.3.1.el8.noarch.rpm
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 5.17.6-1
sid Fixed 5.17.6-1
forky Fixed 5.17.6-1
bullseye Fixed 5.10.113-1
bookworm Fixed 5.17.6-1
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.