Back to bug 2124475
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2022-09-06 09:24:58 UTC | CC | security-response-team | |
| Mauro Matteo Cascella | 2022-09-06 10:29:00 UTC | Depends On | 2124493, 2124490, 2124494, 2124492 | |
| Mauro Matteo Cascella | 2022-10-18 09:59:06 UTC | Alias | CVE-2022-3586 | |
| | | CC | ezulian, kernel-mgr | |
| | | Summary | EMBARGOED kernel: net scheduler use-after-free information disclosure vulnerability | CVE-2022-3586 kernel: net scheduler use-after-free information disclosure vulnerability |
| | | Group | security, qe_staff | |
| | | Deadline | 2022-08-31 | |
| | | Fixed In Version | kernel 6.0 | |
| Mauro Matteo Cascella | 2022-10-18 10:02:24 UTC | Comment | 0 | updated |
| Mauro Matteo Cascella | 2022-10-18 10:46:52 UTC | Doc Text | A flaw was found in the Linux kernel networking code. A use-after-free was found in the way the sch_sfb enqueue function was using the skb (socket buffer) cb field after the same skb had been enqueued (and freed) into a child qdisc. A local unprivileged user could use this flaw to crash the system, causing a denial of service condition. | |
| Li Shuang | 2022-10-18 12:23:42 UTC | CC | shuali | |
| RaTasha Tillery-Smith | 2022-10-18 12:57:36 UTC | Doc Text | A flaw was found in the Linux kernel networking code. A use-after-free was found in the way the sch_sfb enqueue function was using the skb (socket buffer) cb field after the same skb had been enqueued (and freed) into a child qdisc. A local unprivileged user could use this flaw to crash the system, causing a denial of service condition. | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. |
| Mauro Matteo Cascella | 2022-10-21 15:49:04 UTC | Doc Text | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to disclose sensitive information or crash the system, causing a denial of service. |
| Red Hat Bugzilla | 2022-12-31 23:36:22 UTC | CC | fhrbata | |
| Alex | 2023-02-19 17:52:20 UTC | Flags | needinfo?(mcascell) | |
| Alex | 2023-02-19 17:53:59 UTC | Flags | needinfo?(mcascell) | |
| Alex | 2023-02-19 17:57:26 UTC | Flags | needinfo?(mcascell) | |
| Mauro Matteo Cascella | 2023-02-20 17:07:41 UTC | Flags | needinfo?(mcascell) needinfo?(mcascell) needinfo?(mcascell) | needinfo?(allarkin) |
| | | CC | allarkin | |
| Alex | 2023-02-21 13:20:09 UTC | Flags | needinfo?(allarkin) | needinfo?(mcascell) |
| Mauro Matteo Cascella | 2023-02-21 15:03:36 UTC | Flags | needinfo?(mcascell) | |
| Red Hat Bugzilla | 2023-04-01 08:42:10 UTC | CC | dhoward | |
| Red Hat Bugzilla | 2023-07-07 08:29:08 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |