ETMC. The firmware update will be released soon. The detailed information about the patch and the applicable firmware versions can be found on the official website.

Another critical vulnerability has been found in the Redis server. It affects a function in the file src/redis/redis_cls_h.c, where a stack-based buffer overflow was discovered. If Redis is used by other services on the same machine, then it can be exploited to cause a Denial of Service. ETMC will release the respective firmware update soon. The list of Redis servers where this issue has been found is available on the official website.

It is recommended to apply these updates as soon as possible. For more information, you can contact the vendors directly.

How to Apply Operating System Update on Unix/Linux

The following information will help you apply the latest OS update on Unix/Linux:

- Backup any data that is important to you.
- If you are applying an operating system upgrade, ensure that your server is rebooted after the upgrade is applied.
- Check whether the patch is applicable to your system type, that is, whether your OS supports the respective patch.
- Make sure that you are using a supported version of Redis by checking its official website for updates. This can be done by typing redis -v in the terminal or by clicking "Redis" in the top menu bar and selecting "About."

How to check if your system is vulnerable to the Redis server vulnerability


The vulnerability was discovered in the function in the file src/redis/redis_cls_h.c. The particular stack-based buffer overflow was found to be exploitable on systems that use Redis’ functions.

Redis 2.6.0 Release Information

The vulnerability was discovered on the 21st of February, 2018 and published on the 27th.
The release of Redis 2.6.0 has been delayed because of a critical vulnerability that was found in a function in the file src/redis/redis_cls_h.c. This is a stack-based buffer overflow that can be exploited to cause a Denial of Service. It affects all versions of Redis from 2.6 onward, both standalone servers and installations in which Redis runs alongside other services like Nginx or Apache.
ETMC will release the respective firmware update soon to resolve this issue and prevent it from being exploited.

Timeline

Published on: 10/21/2022 11:15:00 UTC
Last modified on: 10/24/2022 18:51:00 UTC
