A use-after-free flaw was found in u32_change in net/sched/cls_u32.c in the network subcomponent of the Linux kernel. This flaw could allow a local attacker to crash the system and cause a privilege escalation, and a kernel information leak problem.

References and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8
https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2088023]
This was fixed for fedora with the 5.17.5 stable kernel update.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-29581
Hello, the CVE page https://access.redhat.com/security/cve/CVE-2022-29581 says in the Mitigation section: "To mitigate this issue, prevent the module u32 from being loaded by blacklisting the module to prevent it from loading automatically." However, at least on RHEL 9.0 and 8.6, module u32 does not exist. Instead, is it possible that cls_u32 should be mentioned in that text? Thank you, Jan
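An added example, not part of the bug comments or of any Red Hat tooling: a shell function that classifies how a modprobe.d-style directory treats a given module name, run on a constructed configuration to show that an entry written for `u32` leaves `cls_u32` (the name proposed in the comment above) unaffected. The function names, file names and sample contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Classifies how a modprobe.d-style directory treats a module:
#   install-override  an "install <mod> /bin/false|/bin/true" line replaces loading
#   blacklist-only    only "blacklist <mod>": alias-based autoload is suppressed,
#                     but an explicit "modprobe <mod>" still loads the module
#   not-blocked       no matching directive
module_block_state() {
    mod=$1; dir=$2
    # modprobe treats '-' and '_' in module names as the same character
    norm=$(printf '%s' "$mod" | tr '-' '_')
    state=not-blocked
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r kw name rest; do
            case $kw in ''|'#'*) continue ;; esac
            [ "$(printf '%s' "$name" | tr '-' '_')" = "$norm" ] || continue
            case $kw in
                install)
                    case $rest in /bin/false*|/bin/true*) state=install-override ;; esac ;;
                blacklist)
                    [ "$state" = install-override ] || state=blacklist-only ;;
            esac
        done < "$f"
    done
    printf '%s\n' "$state"
}

# Constructed sample: a config written from the mitigation text as quoted
# above, which names "u32" rather than "cls_u32".
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nblacklist u32\n' > "$d/cve-2022-29581.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
for m in u32 cls_u32; do
    printf '%-8s %s\n' "$m" "$(module_block_state "$m" "$sample")"
done
# Add entries under the cls_u32 name and re-check.
printf 'blacklist cls_u32\ninstall cls_u32 /bin/false\n' > "$sample/cls_u32.conf"
printf '%-8s %s\n' cls_u32 "$(module_block_state cls_u32 "$sample")"
rm -rf "$sample"
```

On a host, point the function at /etc/modprobe.d and the other directories listed in modprobe.d(5).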
Hello Guilherme, could you please help answer the question in comment 17? Thank you, Jan
Hi, Redirecting the needinfo to Rohit, the Product Security analyst who handled this CVE. @Rohit, could you please check? Thanks.