#VU64079 Memory leak in Linux kernel - CVE-2022-1012

Cybersecurity Help s.r.o.

Published: 2022-06-08

Vulnerability identifier: #VU64079

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-1012

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient randomization in the net/ipv4/tcp.c when calculating port offsets in Linux kernel cause by small table perturb size. A remote attacker can cause memory leak and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 5.18, 5.18

External links
https://ubuntu.com/security/notices/USN-5471-1
https://bugzilla.redhat.com/show_bug.cgi?id=2064604

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cloud Pak for Data

Multiple vulnerabilities in IBM Security Verify Governance

Multiple vulnerabilities in Siemens SIMATIC MV500 Devices

Multiple vulnerabilities in Dell Networking MX Series Switches

Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Multiple vulnerabilities in IBM Security Verify Access

Multiple vulnerabilities in Dell VxRail Appliance components

Anolis OS update for kernel(ANCK)4.19

Multiple vulnerabilities in IBM MQ Appliance