Bug 2066819 (CVE-2022-1353) - CVE-2022-1353 kernel: kernel info leak issue in pfkey_register
Summary: CVE-2022-1353 kernel: kernel info leak issue in pfkey_register
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-1353
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat2075181 Red Hat2075182 Red Hat2075183 Red Hat2075184 Embargoed2103286 Embargoed2103288 Red Hat2106652 Red Hat2106653 Red Hat2107611 Red Hat2107612 Red Hat2107613 Red Hat2107615
Blocks: Embargoed2066815 Red Hat2075505
TreeView+ depends on / blocked
 
Reported: 2022-03-22 14:29 UTC by Rohit Keshri
Modified: 2023-05-12 20:05 UTC (History)
51 users (show)

Fixed In Version: kernel 5.17 rc12
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
Clone Of:
Environment:
Last Closed: 2022-12-05 14:21:24 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:7198 0 None None None 2022-10-25 22:38:08 UTC
Red Hat Product Errata RHBA-2022:7269 0 None None None 2022-11-01 10:44:50 UTC
Red Hat Product Errata RHBA-2022:7437 0 None None None 2022-11-07 10:45:43 UTC
Red Hat Product Errata RHBA-2022:7836 0 None None None 2022-11-08 12:01:13 UTC
Red Hat Product Errata RHSA-2022:5934 0 None None None 2022-08-09 10:23:36 UTC
Red Hat Product Errata RHSA-2022:5998 0 None None None 2022-08-09 14:42:52 UTC
Red Hat Product Errata RHSA-2022:6243 0 None None None 2022-08-31 00:41:12 UTC
Red Hat Product Errata RHSA-2022:6248 0 None None None 2022-08-30 21:44:01 UTC
Red Hat Product Errata RHSA-2022:7110 0 None None None 2022-10-25 08:44:43 UTC
Red Hat Product Errata RHSA-2022:7134 0 None None None 2022-10-25 08:58:22 UTC
Red Hat Product Errata RHSA-2022:7933 0 None None None 2022-11-15 09:44:51 UTC
Red Hat Product Errata RHSA-2022:8267 0 None None None 2022-11-15 10:47:33 UTC

Description Rohit Keshri 2022-03-22 14:29:30 UTC 
A vulnerability was found in pfkey_register in net/key/af_key.c in the Linux kernel. In this flaw, a local unprivileged user may gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

Reference:
https://lore.kernel.org/all/20220321215240.490132-2-sashal@kernel.org/
Comment 21 errata-xmlrpc 2022-08-09 10:23:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5934 https://access.redhat.com/errata/RHSA-2022:5934
Comment 22 errata-xmlrpc 2022-08-09 14:42:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5998 https://access.redhat.com/errata/RHSA-2022:5998
Comment 24 errata-xmlrpc 2022-08-30 21:43:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6248 https://access.redhat.com/errata/RHSA-2022:6248
Comment 25 errata-xmlrpc 2022-08-31 00:41:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6243 https://access.redhat.com/errata/RHSA-2022:6243
Comment 26 errata-xmlrpc 2022-10-25 08:44:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7110 https://access.redhat.com/errata/RHSA-2022:7110
Comment 27 errata-xmlrpc 2022-10-25 08:58:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7134 https://access.redhat.com/errata/RHSA-2022:7134
Comment 28 errata-xmlrpc 2022-11-15 09:44:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
Comment 29 errata-xmlrpc 2022-11-15 10:47:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
Comment 30 Product Security DevOps Team 2022-12-05 14:21:19 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1353
Note You need to log in before you can comment on or make changes to this bug.