Bug 2048738 (CVE-2022-0435) - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
Summary: CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-0435
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2048967 2048968 2048969 2048970 2048971 2048972 2048973 2048974 2048975 2048976 2048977 2048978 2050119 2050132 2050133 2050134 2050135 2050136 2053129 2056597 2065587 2067089 2067090
Blocks: 2048739 2048740
TreeView+ depends on / blocked
 
Reported: 2022-01-31 18:08 UTC by Marian Rehak
Modified: 2022-10-02 21:53 UTC (History)
62 users (show)

Fixed In Version: kernel 5.17-rc4
Doc Type: If docs needed, set a value
Doc Text:
A stack overflow flaw was found in the Linux kernelā€™s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
Clone Of:
Environment:
Last Closed: 2022-03-14 17:01:14 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1316 0 None None None 2022-04-12 10:24:59 UTC
Red Hat Product Errata RHSA-2022:0771 0 None None None 2022-03-08 15:04:45 UTC
Red Hat Product Errata RHSA-2022:0772 0 None None None 2022-03-08 15:55:52 UTC
Red Hat Product Errata RHSA-2022:0777 0 None None None 2022-03-08 17:51:08 UTC
Red Hat Product Errata RHSA-2022:0819 0 None None None 2022-03-10 15:04:33 UTC
Red Hat Product Errata RHSA-2022:0825 0 None None None 2022-03-10 16:15:50 UTC
Red Hat Product Errata RHSA-2022:0841 0 None None None 2022-03-14 09:23:19 UTC
Red Hat Product Errata RHSA-2022:0849 0 None None None 2022-03-14 10:48:53 UTC
Red Hat Product Errata RHSA-2022:1186 0 None None None 2022-04-05 08:39:41 UTC
Red Hat Product Errata RHSA-2022:1209 0 None None None 2022-04-05 15:08:07 UTC
Red Hat Product Errata RHSA-2022:1213 0 None None None 2022-04-05 15:46:40 UTC
Red Hat Product Errata RHSA-2022:1589 0 None None None 2022-04-26 17:11:25 UTC
Red Hat Product Errata RHSA-2022:1619 0 None None None 2022-04-27 07:33:15 UTC

Description Marian Rehak 2022-01-31 18:08:02 UTC
A  remote stack overflow in the TIPC networking module. With FORTIFY_SOURCE's stricter memcpy() bounds checking, this can be exploited to cause remote DOS via kernel panic on systems using TIPC. Prior to these bounds checks, and with a canary leak (or no CONFIG_STACKPROTECTOR), this can be exploited for RCE.

Reference:
https://www.openwall.com/lists/oss-security/2022/02/10/1

Comment 8 Alex 2022-02-10 15:17:11 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2053129]

Comment 11 Sandro Bonazzola 2022-02-21 14:55:56 UTC
Created oVirt tracking bug for this issue:

Affects: oVirt Node 4.4 [ bug #2056597 ]

Comment 12 errata-xmlrpc 2022-03-08 15:04:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0771 https://access.redhat.com/errata/RHSA-2022:0771

Comment 13 errata-xmlrpc 2022-03-08 15:55:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0772 https://access.redhat.com/errata/RHSA-2022:0772

Comment 14 errata-xmlrpc 2022-03-08 17:51:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0777 https://access.redhat.com/errata/RHSA-2022:0777

Comment 15 errata-xmlrpc 2022-03-10 15:04:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0819 https://access.redhat.com/errata/RHSA-2022:0819

Comment 16 errata-xmlrpc 2022-03-10 16:15:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0825 https://access.redhat.com/errata/RHSA-2022:0825

Comment 17 errata-xmlrpc 2022-03-14 09:23:14 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:0841 https://access.redhat.com/errata/RHSA-2022:0841

Comment 18 errata-xmlrpc 2022-03-14 10:48:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0849 https://access.redhat.com/errata/RHSA-2022:0849

Comment 19 Product Security DevOps Team 2022-03-14 17:01:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0435

Comment 20 Sandro Bonazzola 2022-03-18 09:32:11 UTC
Created kernel tracking bug for this issue:

Affects: CentOS Stream 8 [ bug 2065587 ]

Comment 21 Sandro Bonazzola 2022-03-22 14:18:02 UTC
(In reply to Sandro Bonazzola from comment #20)
> Created kernel tracking bug for this issue:
> 
> Affects: CentOS Stream 8 [ bug 2065587 ]

Just adding a note here, that even kernel-4.18.0-373.el8 not yet built for CentOS Stream 8 is missing the fix according to the changelog at https://git.centos.org/rpms/kernel/c/7ae59b72bcca86907a4a14fadbea4d30dfeef357?branch=c8s
Despite bug #2065587 has been closed.

Comment 26 errata-xmlrpc 2022-04-05 08:39:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1186 https://access.redhat.com/errata/RHSA-2022:1186

Comment 27 errata-xmlrpc 2022-04-05 15:08:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1209 https://access.redhat.com/errata/RHSA-2022:1209

Comment 28 errata-xmlrpc 2022-04-05 15:46:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1213 https://access.redhat.com/errata/RHSA-2022:1213

Comment 30 errata-xmlrpc 2022-04-26 17:11:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1589 https://access.redhat.com/errata/RHSA-2022:1589

Comment 31 errata-xmlrpc 2022-04-27 07:33:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1619 https://access.redhat.com/errata/RHSA-2022:1619


Note You need to log in before you can comment on or make changes to this bug.