{ "threat_severity" : "Important", "public_date" : "2022-02-10T14:00:00Z", "bugzilla" : { "description" : "kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS", "id" : "2048738", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2048738" }, "cvss3" : { "cvss3_base_score" : "7.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.", "A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network." ], "statement" : "Red Hat recommends to use TIPC Encryption to secure TIPC procotol's payload or use transport level to separate and/or secure (by both encrypting and authenticating via eg. IPSec/MACSec) the communication between nodes.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-03-10T00:00:00Z", "advisory" : "RHSA-2022:0819", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-348.20.1.rt7.150.el8_5" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-03-10T00:00:00Z", "advisory" : "RHSA-2022:0825", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-348.20.1.el8_5" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-03-14T00:00:00Z", "advisory" : "RHSA-2022:0849", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date" : "2022-04-26T00:00:00Z", "advisory" : "RHSA-2022:1589", "cpe" : "cpe:/o:redhat:rhel_e4s:8.1", "package" : "kernel-0:4.18.0-147.65.1.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date" : "2022-04-27T00:00:00Z", "advisory" : "RHSA-2022:1619", "cpe" : "cpe:/o:redhat:rhel_e4s:8.1", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2022-04-05T00:00:00Z", "advisory" : "RHSA-2022:1209", "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv", "package" : "kernel-rt-0:4.18.0-193.80.1.rt13.130.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2022-04-05T00:00:00Z", "advisory" : "RHSA-2022:1186", "cpe" : "cpe:/o:redhat:rhel_eus:8.2", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2022-04-05T00:00:00Z", "advisory" : "RHSA-2022:1213", "cpe" : "cpe:/o:redhat:rhel_eus:8.2", "package" : "kernel-0:4.18.0-193.80.1.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date" : "2022-03-08T00:00:00Z", "advisory" : "RHSA-2022:0771", "cpe" : "cpe:/a:redhat:rhel_eus:8.4::nfv", "package" : "kernel-rt-0:4.18.0-305.40.1.rt7.112.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date" : "2022-03-08T00:00:00Z", "advisory" : "RHSA-2022:0772", "cpe" : "cpe:/o:redhat:rhel_eus:8.4", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date" : "2022-03-08T00:00:00Z", "advisory" : "RHSA-2022:0777", "cpe" : "cpe:/o:redhat:rhel_eus:8.4", "package" : "kernel-0:4.18.0-305.40.1.el8_4" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date" : "2022-03-14T00:00:00Z", "advisory" : "RHSA-2022:0841", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package" : "redhat-virtualization-host-0:4.4.10-202203101736_8.5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-0435\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0435\nhttps://www.openwall.com/lists/oss-security/2022/02/10/1" ], "name" : "CVE-2022-0435", "mitigation" : { "value" : "The TIPC module will NOT be automatically loaded. When required, administrative action is needed to explicitly load this module.\nLoading the module can be prevented with the following instructions:\n# echo \"install tipc /bin/true\" >> /etc/modprobe.d/disable-tipc.conf\nThe system will need to be restarted if the tipc module is loaded. In most circumstances, the TIPC kernel module will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.", "lang" : "en:us" }, "csaw" : false }