A race condition flaw was found in the way core networking components were handling TCP packets with malformed ICMP Redirect messages. This flaw could be exploited to crash or inappropriately disconnect a client or server.

An information disclosure flaw was found in the Linux kernel's implementation of basic device control devices. An unprivileged user in a guest OS can cause a privileged user in the host OS to leak host memory information.

A privilege escalation flaw was found in how some base system calls were implemented in the Linux kernel. This flaw could lead to a reduced level of protection compared to other systems.

A privilege escalation flaw was found in how memory was handled by the Linux kernel. An unprivileged user in a guest OS could potentially cause a privileged user in the host OS to leak host memory information.

A privilege escalation flaw was found in how some SELinux policies were applied in the Linux kernel. A local attacker could potentially use this flaw to access information or cause a denial of service (redirect of service) by running a specially crafted application.

A privilege escalation flaw was found in how some networking protocols were handled in the Linux kernel. A local attacker could potentially use this flaw to access information or cause a denial of service (redirect of service) by running a specially crafted application.

A flaw was found in how some signals were handled by the Linux kernel

Details of CVE-2022-0435

The following is a description of the vulnerabilities found in Linux kernel 4.14.43 and later versions:

WiFi Hotspot with WPA and WPS

WiFi hotspots are becoming more and more popular as a way to get on the internet without having to purchase a data plan.
Knowing how to set up your WiFi hotspot is important in order to provide an efficient service for your customers.
To ensure they can connect, you'll need to make sure that your WiFi hotspot uses WPA, and then you'll need to use Wi-Fi Protected Setup (WPS) if it is available.

What to do now?

This is a critical and highly publicized security update. You should take steps to address the vulnerabilities listed above as soon as possible.

Timeline

Published on: 03/25/2022 19:15:00 UTC
Last modified on: 06/02/2022 20:15:00 UTC
