For example, when nvme_hd_alloc_cq() is called and nvme_rq_get_cmd() is then called without nvme_rq_is_complete() returning true, a remote denial of service may occur.

A race condition in the vhost_vring_create() function in the Linux kernel could result in information being released before it was allocated. This could allow local users to obtain potentially sensitive information from kernel memory.

It was discovered that the Netlink interface of the Linux kernel did not properly validate encodings. An attacker could craft an xt_netlink_xmit_XXX() message and send it to a user process, possibly cross-ringing that process’s assigned network interface, to which an attacker could connect. An attacker could then use this cross-ring connection to send malformed packets to that user process’s network connection.

It was discovered that a race condition existed in the Linux kernel’s implementation of the netback protocol. A local attacker could use this flaw to cause a denial of service.

Red Hat discovered a flaw in the Linux kernel’s user-mode input validation of URB keys. A local user could exploit this flaw to gain privileges by sending specially crafted input to the kernel.

There was a flaw in the Linux kernel’s handling of ‘invisible’ senders

Linux kernel versions and distributions supported

Linux kernel versions 4.0 and later, Red Hat Enterprise Linux 7, and SUSE CaaS Platform 3.0 are supported.

What is Red Hat doing to protect against this flaw?

Red Hat is providing a kernel update to fix this issue.

Attack Vector

There is a vulnerability in the Linux kernel’s handling of URB keys. A local user could exploit this flaw to gain privileges by sending specially crafted input to the kernel.

A flaw in the handling of invisible senders in the Netlink interface could allow an attacker to send malformed packets to a user process and cross-ring that process’s assigned network interface, potentially allowing an attacker to connect to the user process’s network connection.

Timeline

Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/14/2022 17:45:00 UTC

References