Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-20154

Опубликовано: 15 июн. 2022
Источник: redhat
CVSS3: 6.4
EPSS Низкий

Описание

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel

A use-after-free flaw due to a race condition was found in the Linux kernel’s sctp_diag module. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Меры по смягчению последствий

To mitigate this issue, prevent the sctp module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelAffected
Red Hat Enterprise Linux 9kernel-rtAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2150863kernel: possible use after free in lock_sock_nested of sock.c for the SCTP protocol

EPSS

Процентиль: 5%
0.0002
Низкий

6.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-20154

CVSS3: 6.4
ubuntu
больше 3 лет назад

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel

nvd логотип

CVE-2022-20154

CVSS3: 6.4
nvd
больше 3 лет назад

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel

debian логотип

CVE-2022-20154

CVSS3: 6.4
debian
больше 3 лет назад

In lock_sock_nested of sock.c, there is a possible use after free due ...

suse-cvrf логотип

SUSE-SU-2022:2460-1

suse-cvrf
больше 3 лет назад

Security update for the Linux Kernel (Live Patch 30 for SLE 15)

suse-cvrf логотип

SUSE-SU-2022:2443-1

suse-cvrf
больше 3 лет назад

Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5)

EPSS

Процентиль: 5%
0.0002
Низкий

6.4 Medium

CVSS3