SB2024082232 - Improper locking in Linux kernel ipv4
Published: August 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024082232
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-48936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c, within the inet_gso_segment() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/45d006c2c7ed7baf1fa258fa7b5bc9923d3a983e
- https://git.kernel.org/stable/c/7840e559799a08a8588ee6de27516a991cb2e5e7
- https://git.kernel.org/stable/c/e9ffbe63f6f32f526a461756309b61c395168d73
- https://git.kernel.org/stable/c/2b3cdd70ea5f5a694f95ea1788393fb3b83071ea
- https://git.kernel.org/stable/c/dac2490d9ee0b89dffc72f1172b8bbeb60eaec39
- https://git.kernel.org/stable/c/899e56a1ad435261812355550ae869d8be3df395
- https://git.kernel.org/stable/c/a739963f43269297c3f438b776194542e2a97499
- https://git.kernel.org/stable/c/cc20cced0598d9a5ff91ae4ab147b3b5e99ee819
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.304
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.103
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.182