SB2024071772 - Improper locking in Linux kernel ipv4
Published: July 17, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071772
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-48810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_rules_init() function in net/ipv6/ip6mr.c, within the ipmr_rules_init() function in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/80c529322600dfb1f985b5e3f14c3c6f522ce154
- https://git.kernel.org/stable/c/b541845dfc4e7df551955e70deec0921d6b297c3
- https://git.kernel.org/stable/c/12b6703e9546902c56b4b9048b893ad49d62bdd4
- https://git.kernel.org/stable/c/16dcfde98a25340ff0f7879a16bea141d824a196
- https://git.kernel.org/stable/c/09ac0fcb0a82d647f2c61d3d488d367b7ee5bd51
- https://git.kernel.org/stable/c/3cab045c99dbb9a94eb2d1d405f399916eec698a
- https://git.kernel.org/stable/c/feb9597e22755dce782aae26ac0590c06737e049
- https://git.kernel.org/stable/c/5611a00697c8ecc5aad04392bea629e9d6a20463
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.267
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.302
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.180