CVE-2022-2588: (Pwn2Own) Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
First published: Wed Aug 03 2022(Updated: )
A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.
Credit: security@ubuntu.com security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.80.1.rt56.1225.el7 | 0:3.10.0-1160.80.1.rt56.1225.el7 |
| redhat/kernel | <0:3.10.0-1160.80.1.el7 | 0:3.10.0-1160.80.1.el7 |
| redhat/kernel | <0:3.10.0-693.106.1.el7 | 0:3.10.0-693.106.1.el7 |
| redhat/kernel | <0:3.10.0-957.99.1.el7 | 0:3.10.0-957.99.1.el7 |
| redhat/kernel | <0:3.10.0-1062.76.1.el7 | 0:3.10.0-1062.76.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.32.1.rt7.189.el8_6 | 0:4.18.0-372.32.1.rt7.189.el8_6 |
| redhat/kernel | <0:4.18.0-372.32.1.el8_6 | 0:4.18.0-372.32.1.el8_6 |
| redhat/kernel | <0:4.18.0-147.76.1.el8_1 | 0:4.18.0-147.76.1.el8_1 |
| redhat/kernel | <0:4.18.0-193.93.1.el8_2 | 0:4.18.0-193.93.1.el8_2 |
| redhat/kernel-rt | <0:4.18.0-193.93.1.rt13.143.el8_2 | 0:4.18.0-193.93.1.rt13.143.el8_2 |
| redhat/kernel-rt | <0:4.18.0-305.65.1.rt7.137.el8_4 | 0:4.18.0-305.65.1.rt7.137.el8_4 |
| redhat/kernel | <0:4.18.0-305.65.1.el8_4 | 0:4.18.0-305.65.1.el8_4 |
| redhat/kernel | <3.10 | 3.10 |
| Linux Kernel | <4.9.326 | |
| Linux Kernel | >=4.10<4.14.291 | |
| Linux Kernel | >=4.15<4.19.256 | |
| Linux Kernel | >=4.20<5.4.211 | |
| Linux Kernel | >=5.5<5.10.137 | |
| Linux Kernel | >=5.11<5.15.61 | |
| Linux Kernel | >=5.16<5.18.18 | |
| Linux Kernel | >=5.19<5.19.2 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =20.04 | |
| Ubuntu Linux | =22.04 | |
| Linux kernel | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-2588 https://nvd.nist.gov/vuln/detail/CVE-2022-2588 https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
- https://bugzilla.redhat.com/show_bug.cgi?id=2114849
- https://access.redhat.com/errata/RHSA-2022:7338
- https://access.redhat.com/errata/RHSA-2022:7337
- https://access.redhat.com/errata/RHSA-2022:7344
- https://access.redhat.com/errata/RHSA-2022:7146
- https://access.redhat.com/errata/RHSA-2022:7171
- https://access.redhat.com/errata/RHSA-2022:7173
- https://access.redhat.com/errata/RHSA-2023:4022
- https://access.redhat.com/errata/RHSA-2023:4023
- https://access.redhat.com/errata/RHSA-2022:7134
- https://access.redhat.com/errata/RHSA-2022:7110
- https://access.redhat.com/errata/RHSA-2022:7137
- https://access.redhat.com/errata/RHSA-2022:6872
- https://access.redhat.com/errata/RHSA-2022:6875
- https://access.redhat.com/errata/RHSA-2022:7279
- https://access.redhat.com/errata/RHSA-2022:7280
- https://access.redhat.com/errata/RHSA-2022:7885
- https://access.redhat.com/errata/RHSA-2022:6991
- https://access.redhat.com/errata/RHSA-2022:6978
- https://access.redhat.com/errata/RHSA-2022:6983
- https://access.redhat.com/errata/RHSA-2022:6551
- https://access.redhat.com/security/cve/cve-2022-2588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
- https://github.com/Markakd/CVE-2022-2588
- https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
- https://ubuntu.com/security/notices/USN-5557-1
- https://ubuntu.com/security/notices/USN-5560-1
- https://ubuntu.com/security/notices/USN-5560-2
- https://ubuntu.com/security/notices/USN-5562-1
- https://ubuntu.com/security/notices/USN-5564-1
- https://ubuntu.com/security/notices/USN-5565-1
- https://ubuntu.com/security/notices/USN-5566-1
- https://ubuntu.com/security/notices/USN-5567-1
- https://ubuntu.com/security/notices/USN-5582-1
- https://ubuntu.com/security/notices/USN-5588-1
- https://www.openwall.com/lists/oss-security/2022/08/09/6
- https://www.zerodayinitiative.com/advisories/ZDI-22-1117/
- https://launchpad.net/bugs/cve/CVE-2022-2588
- https://seclists.org/oss-sec/2022/q3/115
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2117014
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2132973
- https://nvd.nist.gov/vuln/detail/CVE-2022-2588
- https://security-tracker.debian.org/tracker/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2588
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/title
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-2588
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/trending
- agent/source
- collector/security-tracker-debian
- source/Debian
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-1117
- alias/ZDI-CAN-17440
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/event
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.19
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/20.04
- version/ubuntu linux/22.04