Linux · Linux Kernel · CVE-2022-48711
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to the tipc component of the Linux kernel, which has a problem with incorrect input validation. This can lead to a stack overflow when a node receives and processes domain record structs from peer nodes. The function `tipc mon rcv()` is used to receive and process these structs, and it is called from the function `tipc link proto rcv()`, where a 32-bit message data length field is read into a uint16. To prevent bit overflow, an extra sanity check is added to this function. The problem was identified by Eric Dumazet.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.