Bug 2114849 (CVE-2022-2588) - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
Summary: CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2588
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Li Shuang
URL:
Whiteboard:
Depends On: 2116325 2116326 2116327 2116328 2117014 2121806 2121807 2121808 2121809 2121810 2121811 2121812 2121813 2121814 2121815 2121816 2121817 2121818 2121819 2121820 2122581 2122582 2122583 2122584 2122585 2122586 2124536 2125517 2183526 2183564
Blocks: CVE-2021-3715 2114850
TreeView+ depends on / blocked
 
Reported: 2022-08-03 11:50 UTC by Marian Rehak
Modified: 2023-07-11 07:52 UTC (History)
71 users (show)

Fixed In Version: kernel 3.10
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.
Clone Of:
Environment:
Last Closed: 2022-12-04 06:16:42 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:7198 0 None None None 2022-10-25 22:38:29 UTC
Red Hat Product Errata RHBA-2022:7269 0 None None None 2022-11-01 10:45:15 UTC
Red Hat Product Errata RHBA-2022:7437 0 None None None 2022-11-07 10:45:53 UTC
Red Hat Product Errata RHBA-2022:7836 0 None None None 2022-11-08 12:01:24 UTC
Red Hat Product Errata RHBA-2022:7877 0 None None None 2022-11-09 09:26:45 UTC
Red Hat Product Errata RHBA-2022:7890 0 None None None 2022-11-09 15:34:45 UTC
Red Hat Product Errata RHSA-2022:6551 0 None None None 2022-09-19 11:50:40 UTC
Red Hat Product Errata RHSA-2022:6872 0 None None None 2022-10-11 12:32:14 UTC
Red Hat Product Errata RHSA-2022:6875 0 None None None 2022-10-11 12:38:32 UTC
Red Hat Product Errata RHSA-2022:6978 0 None None None 2022-10-18 07:41:48 UTC
Red Hat Product Errata RHSA-2022:6983 0 None None None 2022-10-18 08:15:34 UTC
Red Hat Product Errata RHSA-2022:6991 0 None None None 2022-10-18 08:09:03 UTC
Red Hat Product Errata RHSA-2022:7110 0 None None None 2022-10-25 08:45:05 UTC
Red Hat Product Errata RHSA-2022:7134 0 None None None 2022-10-25 08:59:01 UTC
Red Hat Product Errata RHSA-2022:7137 0 None None None 2022-10-25 08:56:40 UTC
Red Hat Product Errata RHSA-2022:7146 0 None None None 2022-10-25 10:34:04 UTC
Red Hat Product Errata RHSA-2022:7171 0 None None None 2022-10-25 13:07:03 UTC
Red Hat Product Errata RHSA-2022:7173 0 None None None 2022-10-25 13:11:03 UTC
Red Hat Product Errata RHSA-2022:7279 0 None None None 2022-11-01 14:17:37 UTC
Red Hat Product Errata RHSA-2022:7280 0 None None None 2022-11-01 14:18:15 UTC
Red Hat Product Errata RHSA-2022:7337 0 None None None 2022-11-02 16:34:34 UTC
Red Hat Product Errata RHSA-2022:7338 0 None None None 2022-11-02 16:35:09 UTC
Red Hat Product Errata RHSA-2022:7344 0 None None None 2022-11-02 16:38:10 UTC
Red Hat Product Errata RHSA-2022:7885 0 None None None 2022-11-09 09:42:34 UTC
Red Hat Product Errata RHSA-2023:4022 0 None None None 2023-07-11 07:52:08 UTC
Red Hat Product Errata RHSA-2023:4023 0 None None None 2023-07-11 07:52:40 UTC

Description Marian Rehak 2022-08-03 11:50:01 UTC 
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0, this could be exploited for Local Privilege Escalation.
Comment 5 Rohit Keshri 2022-08-09 18:19:51 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2117014]
Comment 16 errata-xmlrpc 2022-09-19 11:50:34 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:6551 https://access.redhat.com/errata/RHSA-2022:6551
Comment 17 Alex 2022-10-07 11:55:58 UTC 
*** Bug 2132973 has been marked as a duplicate of this bug. ***
Comment 18 errata-xmlrpc 2022-10-11 12:32:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6872 https://access.redhat.com/errata/RHSA-2022:6872
Comment 19 errata-xmlrpc 2022-10-11 12:38:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6875 https://access.redhat.com/errata/RHSA-2022:6875
Comment 20 errata-xmlrpc 2022-10-18 07:41:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6978 https://access.redhat.com/errata/RHSA-2022:6978
Comment 21 errata-xmlrpc 2022-10-18 08:08:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6991 https://access.redhat.com/errata/RHSA-2022:6991
Comment 22 errata-xmlrpc 2022-10-18 08:15:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6983 https://access.redhat.com/errata/RHSA-2022:6983
Comment 23 errata-xmlrpc 2022-10-25 08:44:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7110 https://access.redhat.com/errata/RHSA-2022:7110
Comment 24 errata-xmlrpc 2022-10-25 08:56:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7137 https://access.redhat.com/errata/RHSA-2022:7137
Comment 25 errata-xmlrpc 2022-10-25 08:58:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7134 https://access.redhat.com/errata/RHSA-2022:7134
Comment 26 errata-xmlrpc 2022-10-25 10:33:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2022:7146 https://access.redhat.com/errata/RHSA-2022:7146
Comment 27 errata-xmlrpc 2022-10-25 13:06:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:7171 https://access.redhat.com/errata/RHSA-2022:7171
Comment 28 errata-xmlrpc 2022-10-25 13:10:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2022:7173 https://access.redhat.com/errata/RHSA-2022:7173
Comment 29 errata-xmlrpc 2022-11-01 14:17:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7279 https://access.redhat.com/errata/RHSA-2022:7279
Comment 30 errata-xmlrpc 2022-11-01 14:18:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7280 https://access.redhat.com/errata/RHSA-2022:7280
Comment 31 errata-xmlrpc 2022-11-02 16:34:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7337 https://access.redhat.com/errata/RHSA-2022:7337
Comment 32 errata-xmlrpc 2022-11-02 16:35:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7338 https://access.redhat.com/errata/RHSA-2022:7338
Comment 33 errata-xmlrpc 2022-11-02 16:38:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7344 https://access.redhat.com/errata/RHSA-2022:7344
Comment 34 errata-xmlrpc 2022-11-09 09:42:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2022:7885 https://access.redhat.com/errata/RHSA-2022:7885
Comment 35 Product Security DevOps Team 2022-12-04 06:16:36 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2588
Comment 41 errata-xmlrpc 2023-07-11 07:52:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2023:4022 https://access.redhat.com/errata/RHSA-2023:4022
Comment 42 errata-xmlrpc 2023-07-11 07:52:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2023:4023 https://access.redhat.com/errata/RHSA-2023:4023
Note You need to log in before you can comment on or make changes to this bug.