BDU:2022-05664

Уязвимость функции xfrm_expand_policies (net/xfrm/xfrm_policy.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: LOW (2.7) Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

References:

CVE-2022-36879

Published: 2022-05-26
Modified: 2024-11-21

CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-07-27
Modified: 2025-05-05

CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Package kernel-image-un-def update in sisyphus on 2022-07-30

ALT-PU-2022-2319-1

Closed vulnerabilities

BDU:2022-05664

CVE-2022-1882

CVE-2022-36879