Bug 2065587

Summary: CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS [CentOS Stream 8]
Product: Red Hat Enterprise Linux 8 Reporter: Sandro Bonazzola <sbonazzo>
Component: kernel Assignee: Don Howard <dhoward>
kernel sub component: Packaging QA Contact: Red Hat Kernel QE team <kernel-qe>
Status: CLOSED CURRENTRELEASE Docs Contact:
Severity: high    
Priority: high CC: acaringi, bstinson, jarod, jwboyer
Version: CentOS Stream Keywords: Security, SecurityTracking
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-21 13:38:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2048738, 2056597    

Description Sandro Bonazzola 2022-03-18 09:30:00 UTC
This bug was created to ensure that one or more security vulnerabilities are fixed in affected versions of CentOS Stream 8.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

Comment 2 Sandro Bonazzola 2022-03-18 09:30:45 UTC
As of March 18th https://koji.mbox.centos.org/koji/packageinfo?packageID=866 didn't get the fix yet.

Comment 4 Sandro Bonazzola 2022-03-22 14:18:40 UTC
Just adding a note here that even kernel-4.18.0-373.el8, not yet built for CentOS Stream 8, is missing the fix according to the changelog at https://git.centos.org/rpms/kernel/c/7ae59b72bcca86907a4a14fadbea4d30dfeef357?branch=c8s

Comment 5 Sandro Bonazzola 2022-04-22 09:01:37 UTC
[kernel-4.18.0-383.el8](https://koji.mbox.centos.org/koji/buildinfo?buildID=21679) includes the fix for this CVE.