Bug 2059294 (CVE-2022-0742) - CVE-2022-0742 kernel: bug memory leaks in ICMPv6 handlers
Summary: CVE-2022-0742 kernel: bug memory leaks in ICMPv6 handlers
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-0742
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2059308 2059309 2063534
Blocks: 2059178
TreeView+ depends on / blocked
 
Reported: 2022-02-28 16:46 UTC by Alex
Modified: 2022-05-17 12:16 UTC (History)
49 users (show)

Fixed In Version: Linux kernel 5.17-rc7
Doc Type: If docs needed, set a value
Doc Text:
A memory leak flaw was found in the Linux kernel’s ICMPv6 networking protocol, in the way a user generated malicious ICMPv6 packets. This flaw allows a remote user to crash the system.
Clone Of:
Environment:
Last Closed: 2022-05-17 12:16:12 UTC


Attachments (Terms of Use)

Description Alex 2022-02-28 16:46:35 UTC
A flaw in the Linux Kernel found.
If looking at a suspect synchronize_net() added in the blamed commit
f185de28d9ae ("mld: add new workqueues for process mld events"),
I found that igmp6_event_query() and igmp6_event_report()
simply forget to free skbs when their respective queues are full.

The fix is for the
void mld_process_v2(..)
in net/ipv6/mcast.c

This means that attackers can remotely OOM hosts, which is not nice.

Reference:
TODO add link to patch when public

Comment 5 Alex 2022-03-13 14:02:32 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2063534]

Comment 6 Justin M. Forbes 2022-03-16 15:51:11 UTC
This was fixed for Fedora with the 5.16.13 stable kernel updates.

Comment 7 Product Security DevOps Team 2022-05-17 12:16:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0742


Note You need to log in before you can comment on or make changes to this bug.