CVE-2022-0742

Опубликовано: 03 мар. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

A memory leak flaw was found in the Linux kernel’s ICMPv6 networking protocol, in the way a user generated malicious ICMPv6 packets. This flaw allows a remote user to crash the system.

Отчет

The impact is limited, due to ICMPv6 only possible by a remote system crash (without the possibility of exploiting a remote system).

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-459

https://bugzilla.redhat.com/show_bug.cgi?id=2059294kernel: bug memory leaks in ICMPv6 handlers

EPSS

Процентиль: 80%

0.01477

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-0742

CVSS3: 9.1

ubuntu

больше 3 лет назад

CVE-2022-0742

CVSS3: 9.1

nvd

больше 3 лет назад

CVE-2022-0742

CVSS3: 7.5

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-0742

CVSS3: 9.1

debian

больше 3 лет назад

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a rem ...

GHSA-c2j9-m677-3m66

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 80%

0.01477

Низкий

7.5 High

CVSS3