CVE-2022-0435

CWE-787Out-of-bounds Write14 documents8 sources
Severity
8.8HIGH
EPSS
54.3%
top 1.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
Linux LinuxLinux Linux KernelFedoraproject Fedora+21 more
Timeline
PublishedMar 25
Latest updateApr 13

Description

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDlinux/linux_kernel4.84.9.301+7
CVEListV5linux/linux35c55c9877f8de0ab129fa1a309271d0ecc868b9175db196e45d6f0e6047eccd09c8ba55465eb131+8
Debianlinux< 5.10.92-2+3
CVEListV5kernelkernel 5.17-rc4
NVDredhat/codeready_linux_builder8.0, 8.4, 8.2+2

Also affects: Enterprise Linux 8.0, 8.2, 8.4, 8, Fedora 34, 35

Patches

Patch: bugzilla.redhat.comPatch: www.openwall.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
CVEList
CVE-2022-0435: A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the nu2022-03-25
OSV
CVE-2022-0435: A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the nu2022-03-25
Kernel
tipc: improve size validations for received domain records2022-02-05

📋Vendor Advisories

10
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel (Intel IOTG) vulnerabilities2022-04-01
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22