Memory leak in Linux kernel

#VU64079 Memory leak in Linux kernel

Published: 2022-06-08

Vulnerability identifier: #VU64079

Vulnerability risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1012

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient randomization in the net/ipv4/tcp.c when calculating port offsets in Linux kernel cause by small table perturb size. A remote attacker can cause memory leak and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://ubuntu.com/security/notices/USN-5471-1
http://bugzilla.redhat.com/show_bug.cgi?id=2064604

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Security Verify Governance

Multiple vulnerabilities in Siemens SIMATIC MV500 Devices

Multiple vulnerabilities in Dell Networking MX Series Switches

Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Multiple vulnerabilities in IBM Security Verify Access

Multiple vulnerabilities in Dell VxRail Appliance components

Multiple vulnerabilities in IBM MQ Appliance

Memory leak in IBM Hardware Management Console

Multiple vulnerabilities in IBM Elastic Storage System

Memory leak in IBM DataPower Gateway