Denial of service in Linux kernel Traffic Control (TC) subsystem


Published: 2023-03-09

Security Bulletin


This security bulletin contains one low-risk vulnerability.



1) Deadlock


EUVDB-ID: #VU73186


Risk: Low


CVSSv3.1:


CVE-ID: CVE-2022-4269


CWE-ID: CWE-833 - Deadlock


Exploit availability: No


Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.


The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.
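
To check whether a host carries the configuration described above, the added example below (not part of the original bulletin or of any vendor tooling) scans the text output of `tc filter show dev <dev> egress` for mirred actions that redirect to ingress. It assumes iproute2's usual text format for mirred action lines; the function name and the sample output are constructed for illustration, and a match is a prompt for review, not proof of exposure.

```python
import re

# Action line format assumed from iproute2's text output, e.g.
#   action order 1: mirred (Ingress Redirect to device veth0) stolen
MIRRED_RE = re.compile(
    r"mirred \((Ingress|Egress) (Redirect|Mirror) to device ([^)\s]+)\)"
)

def find_egress_to_ingress(tc_output):
    """Return [(filter_line, target_dev)] for mirred ingress redirects.

    tc_output is assumed to be the text of `tc filter show dev <dev> egress`,
    so every filter listed in it is attached to the egress hook.
    """
    findings = []
    current_filter = None
    for line in tc_output.splitlines():
        stripped = line.strip()
        if stripped.startswith("filter "):
            # Remember the most recent filter header for reporting.
            current_filter = stripped
            continue
        m = MIRRED_RE.search(stripped)
        if m and m.group(1) == "Ingress" and m.group(2) == "Redirect":
            findings.append((current_filter, m.group(3)))
    return findings

# Constructed sample output (not captured from a real host).
SAMPLE = """\
filter protocol ip pref 10 matchall chain 0
filter protocol ip pref 10 matchall chain 0 handle 0x1
  not_in_hw
\taction order 1: mirred (Ingress Redirect to device veth0) stolen
\tindex 1 ref 1 bind 1
filter protocol ip pref 20 matchall chain 0
filter protocol ip pref 20 matchall chain 0 handle 0x1
  not_in_hw
\taction order 1: mirred (Egress Mirror to device eth1) pipe
\tindex 2 ref 1 bind 1
"""

if __name__ == "__main__":
    for flt, dev in find_egress_to_ingress(SAMPLE):
        print(f"review: egress filter redirects to ingress of {dev}: {flt}")
```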


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

Linux kernel: All versions


External links

http://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/

