PT-2022-6979 · Oracle · Unbreakable Enterprise Kernel
Published
2022-12-17
·
Updated
2023-09-25
·
CVE-2023-22024
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Unbreakable Enterprise Kernel (UEK) (affected versions not specified)
Description
The issue is related to the RDS module in the Unbreakable Enterprise Kernel (UEK), which has two setsockopt(2) options,
RDS CONN RESET and RDS6 CONN RESET, that are not re-entrant. A malicious local user with CAP NET ADMIN can use this to crash the kernel, resulting in a denial of service. The problem is associated with incorrect clearance or release of resources.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unbreakable Enterprise Kernel