CVE-2022-2588: (Pwn2Own) Linux Kernel route4_change Double Free Privilege Escalation Vulnerability

First published: Wed Aug 03 2022(Updated: )

A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.

Credit: security@ubuntu.com security@ubuntu.com

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:3.10.0-1160.80.1.rt56.1225.el7	0:3.10.0-1160.80.1.rt56.1225.el7
redhat/kernel	<0:3.10.0-1160.80.1.el7	0:3.10.0-1160.80.1.el7
redhat/kernel	<0:3.10.0-693.106.1.el7	0:3.10.0-693.106.1.el7
redhat/kernel	<0:3.10.0-957.99.1.el7	0:3.10.0-957.99.1.el7
redhat/kernel	<0:3.10.0-1062.76.1.el7	0:3.10.0-1062.76.1.el7
redhat/kernel-rt	<0:4.18.0-372.32.1.rt7.189.el8_6	0:4.18.0-372.32.1.rt7.189.el8_6
redhat/kernel	<0:4.18.0-372.32.1.el8_6	0:4.18.0-372.32.1.el8_6
redhat/kernel	<0:4.18.0-147.76.1.el8_1	0:4.18.0-147.76.1.el8_1
redhat/kernel	<0:4.18.0-193.93.1.el8_2	0:4.18.0-193.93.1.el8_2
redhat/kernel-rt	<0:4.18.0-193.93.1.rt13.143.el8_2	0:4.18.0-193.93.1.rt13.143.el8_2
redhat/kernel-rt	<0:4.18.0-305.65.1.rt7.137.el8_4	0:4.18.0-305.65.1.rt7.137.el8_4
redhat/kernel	<0:4.18.0-305.65.1.el8_4	0:4.18.0-305.65.1.el8_4
Linux kernel
redhat/kernel	<3.10	3.10
Linux Linux kernel	<4.9.326
Linux Linux kernel	>=4.10<4.14.291
Linux Linux kernel	>=4.15<4.19.256
Linux Linux kernel	>=4.20<5.4.211
Linux Linux kernel	>=5.5<5.10.137
Linux Linux kernel	>=5.11<5.15.61
Linux Linux kernel	>=5.16<5.18.18
Linux Linux kernel	>=5.19<5.19.2
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=20.04
Canonical Ubuntu Linux	=22.04
debian/linux		5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Remedy

https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/weakness
agent/title
agent/author
agent/severity
collector/zdi-advisory
source/ZDI
alias/ZDI-22-1117
alias/ZDI-CAN-17440
alias/CVE-2022-2588
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
collector/usn-cve
source/Ubuntu
collector/nvd-cve
collector/security-tracker-debian
source/Debian
agent/last-modified-date
agent/references
agent/remedy
agent/tags
agent/description
agent/softwarecombine
agent/event
agent/trending
package-manager/redhat
vendor/linux
canonical/linux kernel
canonical/linux linux kernel
version/linux linux kernel/4.10
version/linux linux kernel/4.15
version/linux linux kernel/4.20
version/linux linux kernel/5.5
version/linux linux kernel/5.11
version/linux linux kernel/5.16
version/linux linux kernel/5.19
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/20.04
version/canonical ubuntu linux/22.04
package-manager/debian

CVE-2022-2588: (Pwn2Own) Linux Kernel route4_change Double Free Privilege Escalation Vulnerability

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact