PT-2022-2155 · Linux+10 · Linux Kernel+10

Felix Fu

·

Published

2022-04-07

·

Updated

2024-06-15

·

CVE-2022-28893

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.17.2
Description The issue is related to the SUNRPC subsystem in the Linux kernel, where the function xs xprt free() can be called before ensuring that sockets are in the intended state. This is due to errors in state management. Exploitation of this issue can allow an attacker to cause a denial of service.
Recommendations For Linux kernel versions through 5.17.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-371CWE-416

Related Identifiers

ALSA-2022:7444
ALSA-2022:7683
ALSA-2022:7933
ALSA-2022:8267
ALT-PU-2022-1692
ALT-PU-2022-1730
ALT-PU-2022-1893
ALT-PU-2022-1903
ALT-PU-2022-1904
ALT-PU-2022-1907
ALT-PU-2022-1972
ALT-PU-2022-1974
ALT-PU-2022-2037
ALT-PU-2022-2038
ALT-PU-2022-2052
ALT-PU-2022-2136
ALT-PU-2022-2137
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2022-2278
ALT-PU-2023-4894
AZL-9332
BDU:2022-02112
CESA-2022_7444
CESA-2022_7683
CVE-2022-28893
DSA-5161-1
MGASA-2022-0194
MGASA-2022-0195
OESA-2022-1621
OPENSUSE-SU-2022_1676-1
OPENSUSE-SU-2022_1687-1
OPENSUSE-SU-2024:12017-1
OPENSUSE-SU-2024:13704-1
RHSA-2022:7444
RHSA-2022:7683
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_7444
RHSA-2022_7683
RHSA-2022_7933
RHSA-2022_8267
RHSA-2024:0724
RLSA-2022:7444
RLSA-2022:7683
SUSE-SU-2022:1669-1
SUSE-SU-2022:1676-1
SUSE-SU-2022:1687-1
SUSE-SU-2022:2104-1
SUSE-SU-2022_1669-1
SUSE-SU-2022_1676-1
SUSE-SU-2022_1687-1
USN-5544-1
USN-5562-1
USN-5564-1
USN-5566-1
USN-5582-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu