#VU66476 Input validation error in Linux kernel - CVE-2022-36946


| Updated: 2022-08-14

Vulnerability identifier: #VU66476

Vulnerability risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-36946

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://marc.info/?l=netfilter-devel&m=165883202007292&w=2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines
Amazon Linux AMI update for kernel
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Red Hat Enterprise Linux 8.6 Extended Update Support update for kernel
Multiple vulnerabilities in Siemens SIMATIC MV500 Devices
Multiple vulnerabilities in Siemens Integrated SCALANCE S615 of SINAMICS Medium Voltage products
SUSE update for the Linux Kernel
Multiple vulnerabilities in IBM Spectrum Protect Plus
Multiple vulnerabilities in Siemens RUGGEDCOM and SCALANCE Products
Multiple vulnerabilities in IBM Spectrum Copy Data Management