A NULL pointer dereference flaw was discovered in the kernel’s network io_setup_xmit() function. A local user could potentially use this flaw to crash the system or, potentially, to escalate their privileges on the system.

A race condition issue was discovered in the Linux kernel’s version of the key infrastructure component Networking component (NETLINK) when using change_lock to acquire a lock on the same key multiple times. This could result in the acquisition of an unintended lock or cause other issues.

A flaw was found in the Linux kernel’s handling of 'reducable' errors when reading the status of network connections it has made.

An issue was discovered with the Linux kernel’s version of the key infrastructure component Networking component (NETLINK) when a socket operation occurs that results in the sending of a single packet. This can be exploited by a local user to cause a denial of service (kernel panic).

An issue was discovered with the way the Linux kernel’s keyring subsystem handled when there was no longer any free keys. Due to a possible race condition, a user on a non-defaultated network domain could potentially access information about other network sessions when trying to

Linux kernel based on the Auditing for Security Development Build

The Linux kernel includes the Auditing for Security Development Build, a tool to help security auditors track down vulnerabilities. This tool is based on the latest stable branch of the Linux kernel.

On top of this, it allows security auditors to identify if they are running on a system that has been compromised and infected by using several tools:
- dmesg
- lsmod
- procps
- syslog
- strace

Supported Versions

These vulnerabilities affect the following Linux kernel versions:
2.6.32, 2.6.34, 2.6.35, 2.6.36, 2.6.37, and 4.4

Security Improvements

Linux kernel security changes:
CVE-2022-40476
A NULL pointer dereference flaw was discovered in the kernel’s network io_setup_xmit() function. A local user could potentially use this flaw to crash the system or, potentially, to escalate their privileges on the system.

A race condition issue was discovered in the Linux kernel’s version of the key infrastructure component Networking component (NETLINK) when using change_lock to acquire a lock on the same key multiple times. This could result in the acquisition of an unintended lock or cause other issues.

A flaw was found in the Linux kernel’s handling of 'reducable' errors when reading the status of network connections it has made.

Check for easy vulnerabilities on your server

A NULL pointer dereference flaw was discovered in the kernel’s network io_setup_xmit() function. A local user could potentially use this flaw to crash the system or, potentially, to escalate their privileges on the system.

A race condition issue was discovered in the Linux kernel’s version of the key infrastructure component Networking component (NETLINK) when using change_lock to acquire a lock on the same key multiple times. This could result in the acquisition of an unintended lock or cause other issues.

A flaw was found in the Linux kernel’s handling of 'reducable' errors when reading the status of network connections it has made.

An issue was discovered with the Linux kernel’s version of the key infrastructure component Networking component (NETLINK) when a socket operation occurs that results in the sending of a single packet. This can be exploited by a local user to cause a denial of service (kernel panic).

An issue was discovered with the way the Linux kernel’s keyring subsystem handled when there was no longer any free keys. Due to a possible race condition, a user on a non-defaultated network domain could potentially access information about other network sessions when trying to

Timeline

Published on: 09/14/2022 21:15:00 UTC
Last modified on: 09/17/2022 01:57:00 UTC

References