#VU67477 Race condition in Linux kernel


Published: 2022-09-20

Vulnerability identifier: #VU67477

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3028

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE

External links
http://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
http://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Oracle Communications Diameter Signaling Router
Multiple vulnerabilities in Dell VxRail Appliance components
SUSE update for the Linux Kernel
Ubuntu update for linux-azure
Multiple vulnerabilities in Dell NetWorker vProxy
Slackware Linux update for kernel
Ubuntu update for linux-gcp-5.4
Ubuntu update for linux-gcp
Ubuntu update for linux-azure-fde
Ubuntu update for linux-gcp-5.15