Bug 2114849 (CVE-2022-2588) - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
Summary: CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may...
Keywords:
Status: NEW
Alias: CVE-2022-2588
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Li Shuang
URL:
Whiteboard:
Depends On: 2121819 2116325 2116326 2116327 2116328 2117014 2121806 2121807 2121808 2121809 2121810 2121811 2121812 2121813 2121814 2121815 2121816 2121817 2121818 2121820 2122581 2122582 2122583 2122584 2122585 2122586 2124536 2125517
Blocks: CVE-2021-3715 2114850
TreeView+ depends on / blocked
 
Reported: 2022-08-03 11:50 UTC by Marian Rehak
Modified: 2022-11-18 15:42 UTC (History)
69 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:7198 0 None None None 2022-10-25 22:38:29 UTC
Red Hat Product Errata RHBA-2022:7269 0 None None None 2022-11-01 10:45:15 UTC
Red Hat Product Errata RHBA-2022:7437 0 None None None 2022-11-07 10:45:53 UTC
Red Hat Product Errata RHBA-2022:7836 0 None None None 2022-11-08 12:01:24 UTC
Red Hat Product Errata RHBA-2022:7877 0 None None None 2022-11-09 09:26:45 UTC
Red Hat Product Errata RHBA-2022:7890 0 None None None 2022-11-09 15:34:45 UTC
Red Hat Product Errata RHSA-2022:6551 0 None None None 2022-09-19 11:50:40 UTC
Red Hat Product Errata RHSA-2022:6872 0 None None None 2022-10-11 12:32:14 UTC
Red Hat Product Errata RHSA-2022:6875 0 None None None 2022-10-11 12:38:32 UTC
Red Hat Product Errata RHSA-2022:6978 0 None None None 2022-10-18 07:41:48 UTC
Red Hat Product Errata RHSA-2022:6983 0 None None None 2022-10-18 08:15:34 UTC
Red Hat Product Errata RHSA-2022:6991 0 None None None 2022-10-18 08:09:03 UTC
Red Hat Product Errata RHSA-2022:7110 0 None None None 2022-10-25 08:45:05 UTC
Red Hat Product Errata RHSA-2022:7134 0 None None None 2022-10-25 08:59:01 UTC
Red Hat Product Errata RHSA-2022:7137 0 None None None 2022-10-25 08:56:40 UTC
Red Hat Product Errata RHSA-2022:7146 0 None None None 2022-10-25 10:34:04 UTC
Red Hat Product Errata RHSA-2022:7171 0 None None None 2022-10-25 13:07:03 UTC
Red Hat Product Errata RHSA-2022:7173 0 None None None 2022-10-25 13:11:03 UTC
Red Hat Product Errata RHSA-2022:7279 0 None None None 2022-11-01 14:17:37 UTC
Red Hat Product Errata RHSA-2022:7280 0 None None None 2022-11-01 14:18:15 UTC
Red Hat Product Errata RHSA-2022:7337 0 None None None 2022-11-02 16:34:34 UTC
Red Hat Product Errata RHSA-2022:7338 0 None None None 2022-11-02 16:35:09 UTC
Red Hat Product Errata RHSA-2022:7344 0 None None None 2022-11-02 16:38:10 UTC
Red Hat Product Errata RHSA-2022:7885 0 None None None 2022-11-09 09:42:34 UTC

Description Marian Rehak 2022-08-03 11:50:01 UTC
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0, this could be exploited for Local Privilege Escalation.

Comment 5 Rohit Keshri 2022-08-09 18:19:51 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2117014]

Comment 16 errata-xmlrpc 2022-09-19 11:50:34 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:6551 https://access.redhat.com/errata/RHSA-2022:6551

Comment 17 Alex 2022-10-07 11:55:58 UTC
*** Bug 2132973 has been marked as a duplicate of this bug. ***

Comment 18 errata-xmlrpc 2022-10-11 12:32:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6872 https://access.redhat.com/errata/RHSA-2022:6872

Comment 19 errata-xmlrpc 2022-10-11 12:38:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6875 https://access.redhat.com/errata/RHSA-2022:6875

Comment 20 errata-xmlrpc 2022-10-18 07:41:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6978 https://access.redhat.com/errata/RHSA-2022:6978

Comment 21 errata-xmlrpc 2022-10-18 08:08:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6991 https://access.redhat.com/errata/RHSA-2022:6991

Comment 22 errata-xmlrpc 2022-10-18 08:15:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6983 https://access.redhat.com/errata/RHSA-2022:6983

Comment 23 errata-xmlrpc 2022-10-25 08:44:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7110 https://access.redhat.com/errata/RHSA-2022:7110

Comment 24 errata-xmlrpc 2022-10-25 08:56:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7137 https://access.redhat.com/errata/RHSA-2022:7137

Comment 25 errata-xmlrpc 2022-10-25 08:58:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7134 https://access.redhat.com/errata/RHSA-2022:7134

Comment 26 errata-xmlrpc 2022-10-25 10:33:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2022:7146 https://access.redhat.com/errata/RHSA-2022:7146

Comment 27 errata-xmlrpc 2022-10-25 13:06:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:7171 https://access.redhat.com/errata/RHSA-2022:7171

Comment 28 errata-xmlrpc 2022-10-25 13:10:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2022:7173 https://access.redhat.com/errata/RHSA-2022:7173

Comment 29 errata-xmlrpc 2022-11-01 14:17:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7279 https://access.redhat.com/errata/RHSA-2022:7279

Comment 30 errata-xmlrpc 2022-11-01 14:18:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7280 https://access.redhat.com/errata/RHSA-2022:7280

Comment 31 errata-xmlrpc 2022-11-02 16:34:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7337 https://access.redhat.com/errata/RHSA-2022:7337

Comment 32 errata-xmlrpc 2022-11-02 16:35:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7338 https://access.redhat.com/errata/RHSA-2022:7338

Comment 33 errata-xmlrpc 2022-11-02 16:38:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7344 https://access.redhat.com/errata/RHSA-2022:7344

Comment 34 errata-xmlrpc 2022-11-09 09:42:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2022:7885 https://access.redhat.com/errata/RHSA-2022:7885


Note You need to log in before you can comment on or make changes to this bug.