CVE-2022-0435

critical-risk

Published 2022-03-25

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Do I need to act?

54.3% chance of exploitation in next 30 days

EPSS score — higher than 46% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Linux Kernel

Codeready Linux Builder

Codeready Linux Builder Eus

Codeready Linux Builder Eus For Power Little Endian

Codeready Linux Builder For Power Little Endian Eus

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Power Little Endian

Enterprise Linux For Power Little Endian Eus

Affected Vendors

Redhat Linux Fedoraproject Netapp Ovirt

References (6)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2048738

Third Party Advisory https://security.netapp.com/advisory/ntap-20220602-0001/

Exploit https://www.openwall.com/lists/oss-security/2022/02/10/1

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2048738

Third Party Advisory https://security.netapp.com/advisory/ntap-20220602-0001/

Exploit https://www.openwall.com/lists/oss-security/2022/02/10/1

/ 100

critical-risk

Severity 30/34 · Critical

Exploitability 18/34 · Moderate

Exposure 25/34 · High