A remote stack overflow in the TIPC networking module. With FORTIFY_SOURCE's stricter memcpy() bounds checking, this can be exploited to cause remote DOS via kernel panic on systems using TIPC. Prior to these bounds checks, and with a canary leak (or no CONFIG_STACKPROTECTOR), this can be exploited for RCE. Reference: https://www.openwall.com/lists/oss-security/2022/02/10/1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2053129]
Created oVirt tracking bug for this issue: Affects: oVirt Node 4.4 [ bug #2056597 ]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0771 https://access.redhat.com/errata/RHSA-2022:0771
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0772 https://access.redhat.com/errata/RHSA-2022:0772
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0777 https://access.redhat.com/errata/RHSA-2022:0777
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0819 https://access.redhat.com/errata/RHSA-2022:0819
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0825 https://access.redhat.com/errata/RHSA-2022:0825
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:0841 https://access.redhat.com/errata/RHSA-2022:0841
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0849 https://access.redhat.com/errata/RHSA-2022:0849
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0435
Created kernel tracking bug for this issue: Affects: CentOS Stream 8 [ bug 2065587 ]
(In reply to Sandro Bonazzola from comment #20) > Created kernel tracking bug for this issue: > > Affects: CentOS Stream 8 [ bug 2065587 ] Just adding a note here, that even kernel-4.18.0-373.el8 not yet built for CentOS Stream 8 is missing the fix according to the changelog at https://git.centos.org/rpms/kernel/c/7ae59b72bcca86907a4a14fadbea4d30dfeef357?branch=c8s Despite bug #2065587 has been closed.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1186 https://access.redhat.com/errata/RHSA-2022:1186
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1209 https://access.redhat.com/errata/RHSA-2022:1209
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1213 https://access.redhat.com/errata/RHSA-2022:1213
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1589 https://access.redhat.com/errata/RHSA-2022:1589
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1619 https://access.redhat.com/errata/RHSA-2022:1619