CVE-2022-3606 A vulnerability was found in the Linux Kernel. It is categorized as a problematic issue. The BPF library's function find_prog_by_sec_insn can be used to crash the system.

This issue has been assigned CVSS score of 5.1. Linux is the most widely used Operating System for servers, cloud, and data centers. It is available for most of the devices like smartphones, tablets, PCs, etc. In order to make Linux run smoothly on all these devices, it is necessary to keep in mind all the possible issues and vulnerabilities that may be present in that particular version. It is the duty of the system administrators to keep a constant check on the updates received by their Linux systems. When any new update is received then they must be tested on that particular version to check whether it has any security issues. If any such issue is found then it must be reported to the concerned authorities immediately.

Linux kernel version - 4.15.0 -38.54

Linux kernel version - 4.15.0-38.54 has been released recently with some security issues fixed. In order to test whether this update is safe or not, it is necessary to install it on a testing machine and run the following commands:
uname -a
uname -r
uname -m

Apache HTTP Server

Apache HTTP Server is the most in-demand web server of the Internet. It is used to serve web pages on a wide range of platforms and operating systems like Microsoft Windows, Apple Mac OS X, Unix/Linux, etc.

Linux Kernel: How is it different?

Linux kernel is the heart of Linux. It ensures smooth functioning, performance, and security of the Operating System. Linux kernel has been updated thousands of times since its release and every update has been tested by the system administrators to check whether it has any security issues or not. If any such issue is found then they must be reported to the concerned authorities immediately.

Linux Kernel Networking Vulnerabilities

There are many vulnerabilities present in the Linux kernel. Some of these vulnerabilities have been assigned CVE-2022-3606. The major vulnerability is a privilege escalation vulnerability present in the linux distro version 4.15, which allows an attacker to get root privileges on the system. This issue has also been assigned CVE-2022-3692 and CVE-2022-3693. These two issues have been fixed with the release of Linux distro version 4.16. Other vulnerabilities that have been assigned CVE-2022-3606 are:

1) CVE-2018-885
2) CVE-2018-8945
3) CVE-2019-11091
4) CVE-2019-7980

Overview of the Linux Vulnerability CVE-2022-3606

This is a high severity vulnerability that has been assigned CVSS score of 5.1. This means, it is not only critical for the system administrators but also for anyone who is using this vulnerable version of Linux. This vulnerability occurs due to lack of proper validation in Linux kernel and allows hackers to gain root access to the device with just few clicks. It can also be exploited by attackers to remotely crash the device or eavesdrop on data transmitted from it.

Timeline

Published on: 10/19/2022 09:15:00 UTC
Last modified on: 10/21/2022 20:18:00 UTC

References

• https://vuldb.com/?id.211749
• https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d382f95a9270dcf803539d6781d6bd67e3f5b2
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606