In the specific configuration of the fuzzer, the system was found to crash with a use-after-free condition. This could be exploited by a local attacker to crash the system.
RCE was found in the Linux kernel. An attacker could leverage this vulnerability to bypass kernel Address Space Layout Randomization (ASLR), and potentially run arbitrary code on the system. This vulnerability does not affect Ubuntu/Mint/Debian users who are running a supported version of Linux. It was found on Ubuntu 16.04. It could be exploited by tricking a victim into installing a malicious package. A attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on Debian 9. It could be exploited by tricking a victim into installing a malicious package. A attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on Red Hat Enterprise Linux 7.5. An attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on SUSE Linux Enterprise Server 12. It could be exploited by tricking a victim into installing a malicious package. A attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on Gentoo Linux. An attacker could leverage this vulnerability to run arbitrary code on the affected system. It was found on OpenSuSE. It could be exploited by tricking a victim into installing a malicious package
Impact
"This vulnerability does not affect Ubuntu/Mint/Debian users who are running a supported version of Linux."
A remote attacker could exploit this vulnerability to execute arbitrary code on the affected system.
Vulnerability details
An issue was found in the Linux kernel on Ubuntu 16.04. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in Red Hat Enterprise Linux 7.5. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in the Linux kernel on Debian 9. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in SUSE Linux Enterprise Server 12. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in Gentoo Linux. A vulnerability could allow a local attacker to bypass kernel Address Space Layout Randomization (ASLR) and potentially run arbitrary code on the system.
A vulnerability was found in OpenSuSE 12-SP1 build 151010-1121, it can be exploited by tricking a victim into installing a malicious package, which has been reported as CVE-2022-0487
Timeline
Published on: 02/04/2022 23:15:00 UTC
Last modified on: 04/30/2022 02:40:00 UTC
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2044561
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://www.debian.org/security/2022/dsa-5096
- https://www.debian.org/security/2022/dsa-5095
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0487