PT-2024-10522 · Linux+3 · Linux Kernel+3

Syzbot · Published 2022-02-08 · Updated 2025-01-20 · CVE-2022-48810

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.16.0

Description

The vulnerability is related to the ipmr and ip6mr components of the Linux kernel, which are responsible for multicast routing. The issue arises from the failure to acquire the RTNL lock before calling the ip[6]mr_free_table() function on the failure path, leading to a potential denial-of-service condition. The RTNL lock is a mechanism used to protect the network namespace from concurrent modifications. When this lock is not acquired, it can result in unpredictable behavior, including crashes or freezes. The vulnerability can be exploited by an attacker to cause a denial-of-service condition, potentially disrupting network services.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 5.16.0 and later should include the necessary patches to address this issue. Ensure that all affected systems are updated to prevent potential exploitation. If updating is not immediately possible, consider implementing additional monitoring and security measures to detect and respond to potential attacks exploiting this vulnerability.

Exploit

Fix

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2025-01073
CVE-2022-48810
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse