CVE-2022-33743
Description
Important: kernel security, bug fix, and enhancement update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description kernel: network backend may cause Linux netfront to use freed SKBs (XSA-405) Red Hat statement Keeping this flaw Moderate, because only a denial of service is possible (A:H) as result of memory leak problem. The memory leak can happen because instead of removing skb, keeping it in the networking stack forever. The CVSS score is higher, than usually for Moderate, because kept "C:H" andβ¦
Description
kernel: network backend may cause Linux netfront to use freed SKBs (XSA-405)
Red Hat statement
Keeping this flaw Moderate, because only a denial of service is possible (A:H) as result of memory leak problem. The memory leak can happen because instead of removing skb, keeping it in the networking stack forever. The CVSS score is higher, than usually for Moderate, because kept "C:H" and "I:H" too in case maybe potentially would be possible privilege escalation too.
CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-284.11.1.el9_2 | RHSA-2023:2458 | 2023-05-09T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2 | RHSA-2023:2148 | 2023-05-09T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-284.11.1.el9_2 | RHSA-2023:2458 | 2023-05-09T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 8 | kernel | Not affected |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected |
Apply commands
yum update -y kernel
# or:
dnf upgrade -y kernelAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-devel-matched-5.14.0-284.11.1.el9_2.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 5.18.14-1 |
| sid | Fixed | 5.18.14-1 |
| forky | Fixed | 5.18.14-1 |
| bullseye | Fixed | 5.10.127-2 |
| bookworm | Fixed | 5.18.14-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/errata/RHSA-2023:2458
- https://www.suse.com/security/cve/CVE-2022-33743.html
- https://security-tracker.debian.org/tracker/CVE-2022-33743
- https://bugzilla.redhat.com/2061703
- https://bugzilla.redhat.com/2073091
- https://bugzilla.redhat.com/2078466
- https://bugzilla.redhat.com/2089701
- https://bugzilla.redhat.com/2090723
- https://bugzilla.redhat.com/2106830
- https://bugzilla.redhat.com/2107924
- https://bugzilla.redhat.com/2108691
- https://bugzilla.redhat.com/2114937
- https://bugzilla.redhat.com/2122228
- https://bugzilla.redhat.com/2123056
- https://bugzilla.redhat.com/2124788
- https://bugzilla.redhat.com/2130141
- https://bugzilla.redhat.com/2133483
- https://bugzilla.redhat.com/2133490
- https://bugzilla.redhat.com/2134377
- https://bugzilla.redhat.com/2134380
- https://bugzilla.redhat.com/2134451
- https://bugzilla.redhat.com/2134506
- https://bugzilla.redhat.com/2134517
- https://bugzilla.redhat.com/2134528
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.