CVE-2022-0435
First published: Mon Jan 31 2022(Updated: )
A remote stack overflow in the TIPC networking module. With FORTIFY_SOURCE's stricter memcpy() bounds checking, this can be exploited to cause remote DOS via kernel panic on systems using TIPC. Prior to these bounds checks, and with a canary leak (or no CONFIG_STACKPROTECTOR), this can be exploited for RCE. Reference: <a href="https://www.openwall.com/lists/oss-security/2022/02/10/1">https://www.openwall.com/lists/oss-security/2022/02/10/1</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.20.1.rt7.150.el8_5 | 0:4.18.0-348.20.1.rt7.150.el8_5 |
| redhat/kernel | <0:4.18.0-348.20.1.el8_5 | 0:4.18.0-348.20.1.el8_5 |
| redhat/kernel | <0:4.18.0-147.65.1.el8_1 | 0:4.18.0-147.65.1.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.80.1.rt13.130.el8_2 | 0:4.18.0-193.80.1.rt13.130.el8_2 |
| redhat/kernel | <0:4.18.0-193.80.1.el8_2 | 0:4.18.0-193.80.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.40.1.rt7.112.el8_4 | 0:4.18.0-305.40.1.rt7.112.el8_4 |
| redhat/kernel | <0:4.18.0-305.40.1.el8_4 | 0:4.18.0-305.40.1.el8_4 |
| redhat/kernel | <5.17 | 5.17 |
| Linux Kernel | >=4.8<4.9.301 | |
| Linux Kernel | >=4.10<4.14.266 | |
| Linux Kernel | >=4.15<4.19.229 | |
| Linux Kernel | >=4.20<5.4.179 | |
| Linux Kernel | >=5.5<5.10.100 | |
| Linux Kernel | >=5.11<5.15.23 | |
| Linux Kernel | >=5.16<5.16.9 | |
| Linux Kernel | =5.17 | |
| Linux Kernel | =5.17-rc1 | |
| Linux Kernel | =5.17-rc2 | |
| Linux Kernel | =5.17-rc3 | |
| Red Hat CodeReady Linux Builder | =8.0 | |
| Red Hat CodeReady Linux Builder | =8.4 | |
| Red Hat CodeReady Linux Builder | =8.2 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.2 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.0 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.4 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux Server EUS | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.4 | |
| Red Hat Enterprise Linux for IBM Z Systems | =8.0 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.2 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.4 | |
| Red Hat Enterprise Linux for Power, little endian | =8.0 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux for Real Time | =8 | |
| Red Hat Enterprise Linux for Real Time for NFV | =8 | |
| Red Hat Enterprise Linux for Real Time for NFV | =8.2 | |
| Red Hat Enterprise Linux for Real Time for NFV | =8.4 | |
| Red Hat Enterprise Linux for Real Time | =8.2 | |
| Red Hat Enterprise Linux for Real Time | =8.4 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.2 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.4 | |
| All of | ||
| Any of | ||
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| oVirt | =4.4.10 | |
| Red Hat Fedora | =34 | |
| Red Hat Fedora | =35 | |
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H700S | ||
| NetApp H700S | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 |
Remedy
The TIPC module will NOT be automatically loaded. When required, administrative action is needed to explicitly load this module. Loading the module can be prevented with the following instructions: # echo "install tipc /bin/true" >> /etc/modprobe.d/disable-tipc.conf The system will need to be restarted if the tipc module is loaded. In most circumstances, the TIPC kernel module will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable.
Remedy
Ensure the tipc module is not loaded; unlike many other network protocols in the Linux kernel, the tipc module cannot be auto-loaded by an unprivileged user.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-0435 https://nvd.nist.gov/vuln/detail/CVE-2022-0435 https://www.openwall.com/lists/oss-security/2022/02/10/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2048738
- https://access.redhat.com/errata/RHSA-2022:0819
- https://access.redhat.com/errata/RHSA-2022:0825
- https://access.redhat.com/errata/RHSA-2022:0849
- https://access.redhat.com/errata/RHSA-2022:1589
- https://access.redhat.com/errata/RHSA-2022:1619
- https://access.redhat.com/errata/RHSA-2022:1209
- https://access.redhat.com/errata/RHSA-2022:1186
- https://access.redhat.com/errata/RHSA-2022:1213
- https://access.redhat.com/errata/RHSA-2022:0771
- https://access.redhat.com/errata/RHSA-2022:0772
- https://access.redhat.com/errata/RHSA-2022:0777
- https://access.redhat.com/errata/RHSA-2022:0841
- https://access.redhat.com/security/cve/cve-2022-0435
- https://www.openwall.com/lists/oss-security/2022/02/10/1
- https://security.netapp.com/advisory/ntap-20220602-0001/
- https://launchpad.net/bugs/cve/CVE-2022-0435
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2053129
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2056597
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2065587
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2048738#c20
- https://git.centos.org/rpms/kernel/c/7ae59b72bcca86907a4a14fadbea4d30dfeef357?branch=c8s
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0435
- https://nvd.nist.gov/vuln/detail/CVE-2022-0435
- https://security-tracker.debian.org/tracker/CVE-2022-0435
- https://ubuntu.com/security/CVE-2022-0435
- https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-0435?
CVE-2022-0435 is classified as a high severity vulnerability due to its potential for remote denial of service via kernel panic.
How do I fix CVE-2022-0435?
To mitigate CVE-2022-0435, upgrade your kernel to versions 0:4.18.0-348.20.1.rt7.150.el8_5 or 0:4.18.0-348.20.1.el8_5 for Red Hat systems.
Which systems are affected by CVE-2022-0435?
CVE-2022-0435 affects multiple versions of the Linux kernel, particularly those utilizing TIPC networking in Red Hat and Fedora distributions.
Can CVE-2022-0435 lead to system exploitation?
Exploitation of CVE-2022-0435 can result in a remote denial of service, which may crash systems utilizing the vulnerable TIPC module.
Is CVE-2022-0435 a local or remote vulnerability?
CVE-2022-0435 is a remote vulnerability, allowing attackers to potentially cause harm without requiring local access.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-0435
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/source
- agent/author
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.8
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.17
- version/linux kernel/5.17-rc1
- version/linux kernel/5.17-rc2
- version/linux kernel/5.17-rc3
- vendor/redhat
- canonical/red hat codeready linux builder
- version/red hat codeready linux builder/8.0
- version/red hat codeready linux builder/8.4
- version/red hat codeready linux builder/8.2
- canonical/red hat codeready linux builder for power, little endian
- version/red hat codeready linux builder for power, little endian/8.2
- version/red hat codeready linux builder for power, little endian/8.0
- version/red hat codeready linux builder for power, little endian/8.4
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.2
- version/red hat enterprise linux server eus/8.4
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/8.0
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/8.2
- version/red hat enterprise linux for ibm z systems (s390x)/8.4
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/8.0
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.2
- version/red hat enterprise linux for power, little endian - extended update support/8.4
- canonical/red hat enterprise linux for real time
- version/red hat enterprise linux for real time/8
- canonical/red hat enterprise linux for real time for nfv
- version/red hat enterprise linux for real time for nfv/8
- version/red hat enterprise linux for real time for nfv/8.2
- version/red hat enterprise linux for real time for nfv/8.4
- version/red hat enterprise linux for real time/8.2
- version/red hat enterprise linux for real time/8.4
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.2
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.4
- canonical/red hat enterprise linux server update services for sap solutions
- version/red hat enterprise linux server update services for sap solutions/8.2
- version/red hat enterprise linux server update services for sap solutions/8.4
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0
- vendor/ovirt
- canonical/ovirt
- version/ovirt/4.4.10
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/34
- version/red hat fedora/35
- vendor/netapp
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h300s firmware
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h500s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700e
- canonical/netapp h700s
- package-manager/debian