Описание
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
A NULL pointer dereference flaw was found in the Linux kernel’s bonding driver in the way a user bonds non existing or fake device. This flaw allows a local user to crash the system, causing a denial of service.
Меры по смягчению последствий
To mitigate this issue, prevent the module bonding from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2022:1975 | 10.05.2022 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2022:1988 | 10.05.2022 |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS3
Связанные уязвимости
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
A flaw was found in the Linux kernel. A null pointer dereference in bo ...
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
Уязвимость функции bond_ipsec_add_sa() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
5.1 Medium
CVSS3