CVE-2022-3566 A vulnerability was found in Linux Kernel TCP Handler which leads to a race condition.

It was discovered that the implementation of the function find_vdev in the component RAID5 -LVM was vulnerable to a buffer overflow. It could be exploited to cause a denial of service or potentially to code execution. The identifier VDB-212662 was assigned to this vulnerability. It was discovered that the x86 boot process did not check the length of the stack frame for x86 architecture. It could be exploited to cause a denial of service. The identifier VDB-212672 was assigned to this vulnerability. It was discovered that the implementation of the function __set_task_state in the component taskstats was vulnerable to a buffer overflow. It could be exploited to cause a denial of service or potentially to code execution. The identifier VDB-212671 was assigned to this vulnerability. It was discovered that the implementation of the function __set_task_state in the component taskstats was vulnerable to a buffer overflow. It could be exploited to cause a denial of service or potentially to code execution. The identifier VDB-212673 was assigned to this vulnerability. It was discovered that the implementation of the function get_fs_info() in the component misc was vulnerable to a buffer overflow. It could be exploited to cause a denial of service or potentially to code execution. The identifier VDB-212674 was assigned to this vulnerability. It was discovered that the implementation of the function tcp_vhost_parse_options() in the component IPv4 was vulnerable to a buffer overflow

Vulnerability Symptoms CVE-2022-3566

If the function find_vdev in the component RAID5 -LVM was vulnerable to a buffer overflow, it could be exploited to cause a denial of service. The identifier VDB-212662 was assigned to this vulnerability.
If the function x86 boot process did not check the length of the stack frame for x86 architecture, it could be exploited to cause a denial of service. The identifier VDB-212672 was assigned to this vulnerability.
If the implementation of the function __set_task_state in the component taskstats was vulnerable to a buffer overflow, it could be exploited to cause a denial of service or potentially execute code. The identifier VDB-212671 was assigned to this vulnerability.
If the implementation of the function __set_task_state in the component taskstats was vulnerable to a buffer overflow, it could be exploited to cause a denial of service or potentially execute code. The identifier VDB-212673 was assigned to this vulnerability.
If the implementation of the function get_fs_info() in the component misc had a potential for code execution, it could be exploited to cause a denial of service or potentially execute code. The identifier VDB-212674 was assigned to this vulnerability.
If tcp_vhost_parse_options() had an issue with its buffer size, it could be exploited to cause application crash and potentially execute code on systems running Linux kernel version 2.6 or

New features of the Linux kernel

The Linux kernel 4.0 was released on 30 October 2017, and it contains a number of new features that make it easier to manage systems and devices. Some of these features include:
- Improved hardware support
- Support for SoC (System on Chip) architecture
- Support for virtualization
- New interfaces for device management
- Improved cryptography implementations
- And more!

Timeline

Published on: 10/17/2022 19:15:00 UTC
Last modified on: 10/20/2022 12:50:00 UTC

References

• https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57
• https://vuldb.com/?id.211089
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3566