CVE-2022-21504

Name of the Vulnerable Software and Affected Versions UEK6 version U3

Description The code was missing an appropriate file descriptor count, resulting in a use count error. This allowed a file descriptor to a socket to be closed and freed while still in use by another portion of the kernel. An attack with local access can operate on the socket, causing a denial of service.

Recommendations For UEK6 version U3, consider restricting access to the affected socket to minimize the risk of exploitation. As a temporary workaround, disabling the use of the socket until a patch is available may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.