Bug 2114849 (CVE-2022-2588)
Summary: | CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | Li Shuang <shuali> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, allarkin, bdettelb, bhu, brdeoliv, bskeggs, chorn, chwhite, crwood, ctoe, dbohanno, ddepaula, debarbos, dhoward, donovan.debeuckelaer, dvlasenk, fhrbata, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, lzampier, masami256, mchehab, mhernon, michal.skrivanek, mperina, mschwabe, mvanderw, nmurray, psampaio, ptalbert, qzhao, rhandlin, rkeshri, rvrbovsk, sbalasub, scweaver, security-response-team, shuali, soutteri, steved, tyberry, vkumar, walters, williams, ycote |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 3.10 | Doc Type: | If docs needed, set a value |
Doc Text: |
A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-12-04 06:16:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2116325, 2116326, 2116327, 2116328, 2117014, 2121806, 2121807, 2121808, 2121809, 2121810, 2121811, 2121812, 2121813, 2121814, 2121815, 2121816, 2121817, 2121818, 2121819, 2121820, 2122581, 2122582, 2122583, 2122584, 2122585, 2122586, 2124536, 2125517, 2183526, 2183564 | ||
Bug Blocks: | 1993988, 2114850 |
Description
Marian Rehak
2022-08-03 11:50:01 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2117014] This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:6551 https://access.redhat.com/errata/RHSA-2022:6551 *** Bug 2132973 has been marked as a duplicate of this bug. *** This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6872 https://access.redhat.com/errata/RHSA-2022:6872 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6875 https://access.redhat.com/errata/RHSA-2022:6875 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6978 https://access.redhat.com/errata/RHSA-2022:6978 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6991 https://access.redhat.com/errata/RHSA-2022:6991 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6983 https://access.redhat.com/errata/RHSA-2022:6983 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7110 https://access.redhat.com/errata/RHSA-2022:7110 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7137 https://access.redhat.com/errata/RHSA-2022:7137 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7134 https://access.redhat.com/errata/RHSA-2022:7134 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2022:7146 https://access.redhat.com/errata/RHSA-2022:7146 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2022:7171 https://access.redhat.com/errata/RHSA-2022:7171 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2022:7173 https://access.redhat.com/errata/RHSA-2022:7173 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2022:7279 https://access.redhat.com/errata/RHSA-2022:7279 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2022:7280 https://access.redhat.com/errata/RHSA-2022:7280 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7337 https://access.redhat.com/errata/RHSA-2022:7337 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7338 https://access.redhat.com/errata/RHSA-2022:7338 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7344 https://access.redhat.com/errata/RHSA-2022:7344 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2022:7885 https://access.redhat.com/errata/RHSA-2022:7885 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2588 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2023:4022 https://access.redhat.com/errata/RHSA-2023:4022 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Via RHSA-2023:4023 https://access.redhat.com/errata/RHSA-2023:4023 |