First published: Mon Mar 21 2022(Updated: )
A vulnerability was found in pfkey_register in net/key/af_key.c in the Linux kernel. In this flaw, a local unprivileged user may gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Reference: <a href="https://lore.kernel.org/all/20220321215240.490132-2-sashal@kernel.org/">https://lore.kernel.org/all/20220321215240.490132-2-sashal@kernel.org/</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-372.32.1.rt7.189.el8_6 | 0:4.18.0-372.32.1.rt7.189.el8_6 |
redhat/kernel | <0:4.18.0-372.32.1.el8_6 | 0:4.18.0-372.32.1.el8_6 |
redhat/kernel-rt | <0:4.18.0-193.90.1.rt13.140.el8_2 | 0:4.18.0-193.90.1.rt13.140.el8_2 |
redhat/kernel | <0:4.18.0-193.90.1.el8_2 | 0:4.18.0-193.90.1.el8_2 |
redhat/kernel-rt | <0:4.18.0-305.62.1.rt7.134.el8_4 | 0:4.18.0-305.62.1.rt7.134.el8_4 |
redhat/kernel | <0:4.18.0-305.62.1.el8_4 | 0:4.18.0-305.62.1.el8_4 |
redhat/kernel | <0:5.14.0-162.6.1.el9_1 | 0:5.14.0-162.6.1.el9_1 |
redhat/kernel-rt | <0:5.14.0-162.6.1.rt21.168.el9_1 | 0:5.14.0-162.6.1.rt21.168.el9_1 |
redhat/kernel | <0:5.14.0-70.70.1.el9_0 | 0:5.14.0-70.70.1.el9_0 |
redhat/kernel-rt | <0:5.14.0-70.70.1.rt21.141.el9_0 | 0:5.14.0-70.70.1.rt21.141.el9_0 |
redhat/kernel | <5.17 | 5.17 |
Linux Kernel | <5.17 | |
Linux Kernel | =5.17-rc1 | |
Linux Kernel | =5.17-rc2 | |
Linux Kernel | =5.17-rc3 | |
Linux Kernel | =5.17-rc4 | |
Linux Kernel | =5.17-rc5 | |
Linux Kernel | =5.17-rc6 | |
Linux Kernel | =5.17-rc7 | |
Linux Kernel | =5.17-rc8 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
Debian Linux | =11.0 | |
Red Hat Enterprise Linux | =8.0 | |
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700E | ||
NetApp H700E | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
All of | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700E | ||
NetApp H700E | ||
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp Baseboard Management Controller Firmware | ||
NetApp Baseboard Management Controller H300S | ||
NetApp Baseboard Management Controller Firmware | ||
NetApp Baseboard Management Controller H500S | ||
NetApp Baseboard Management Controller Firmware | ||
NetApp Baseboard Management Controller H700S | ||
NetApp Baseboard Management Controller Firmware | ||
NetApp Baseboard Management Controller H410S | ||
NetApp Baseboard Management Controller Firmware | ||
NetApp Baseboard Management Controller H300E | ||
NetApp Baseboard Management Controller H500E Firmware | ||
NetApp Baseboard Management Controller H500E Firmware | ||
NetApp Baseboard Management Controller H700E Firmware | ||
NetApp Baseboard Management Controller H700E Firmware | ||
NetApp Baseboard Management Controller H410C | ||
NetApp Baseboard Management Controller H410C Firmware | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2022-1353 has been categorized with a high severity rating due to its potential for kernel memory access and possible system crashes.
To mitigate CVE-2022-1353, ensure that your system is updated to the recommended kernel versions specified by Red Hat, such as 0:4.18.0-372.32.1.el8_6 or later.
CVE-2022-1353 affects Linux kernel installations on systems utilizing kernel versions before the patched releases provided by Red Hat.
CVE-2022-1353 is a local privilege escalation vulnerability that allows an unprivileged user to access kernel memory.
No, CVE-2022-1353 requires local access to the system, making it a local execution vulnerability.