A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:L/Au:S/C:C/I:C/A:C
Vendors | Products |
---|---|
Netapp |
|
Redhat |
|
Fedoraproject |
|
Linux |
|
Ovirt |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
AND |
|
Configuration 7 [-]
AND |
|
Configuration 8 [-]
AND |
|
Configuration 9 [-]
AND |
|
Configuration 10 [-]
AND |
|
Configuration 11 [-]
AND |
|
Configuration 12 [-]
AND |
|
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2048738 | Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220602-0001/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/02/10/1 | Exploit Mailing List Mitigation Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-03-25T00:00:00
Updated: 2022-10-07T00:00:00
Reserved: 2022-01-31T00:00:00
Link: CVE-2022-0435
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-25T19:15:10.100
Modified: 2023-02-14T19:36:46.570
Link: CVE-2022-0435
JSON object: View
Redhat Information
No data.
CWE