Linux Kernel buffer overflow | CVE-2022-0435
NAME
Linux Kernel buffer overflow
- Platforms Affected:
Linux Kernel 4.9
Linux Kernel 4.10
Linux Kernel 4.8.0
Linux Kernel 4.11
Linux Kernel 4.12
Linux Kernel 4.13.0
Linux Kernel 4.15
Linux Kernel 4.14
Linux Kernel 4.16
Linux Kernel 4.17
Linux Kernel 4.18
Linux Kernel 4.19
Linux Kernel 4.20
Linux Kernel 5.0
Linux Kernel 5.1
Linux Kernel 5.2
Linux Kernel 5.3
Linux Kernel 4.9.0
Linux Kernel 5.4
Linux Kernel 5.5
Linux Kernel 5.6.0
Linux Kernel 5.7.0
Linux Kernel 5.8.0
Linux Kernel 5.10
Linux Kernel 5.11
Linux Kernel 5.12
Linux Kernel 5.13
Linux Kernel 5.14
Linux Kernel 5.15
Linux Kernel 5.16 - Risk Level:
9.8 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Transparent Inter Process Communication (TIPC) module. By sending a specially-crafted domain record containing an arbitrary payload, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://seclists.org/oss-sec/2022/q1/130 - Reference Link:
https://github.com/torvalds/linux/commit/9aa422ad326634b76309e8ff342c246800621216
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
