CVE-2022-4378: Buffer Overflow
First published: Mon Dec 12 2022(Updated: )
A flaw stack overflow in the Linux Kernel found. If user have access to SYSCTL (dynamically changing certain kernel parameters and variables), then can provide incorrect input to the function do_proc_dointvec leading to system crash or potentially privileges escalation. Known example of such incorrect input by local user for the /proc/sys/net/ipv4/tcp_rmem , but it could be other situations when this function being used. References: <a href="https://seclists.org/oss-sec/2022/q4/178">https://seclists.org/oss-sec/2022/q4/178</a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch">https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch</a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch">https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.0.12 | 6.0.12 |
| Linux Kernel | >=4.9.0<=4.9.337 | |
| Linux Kernel | >=4.14.0<=4.14.302 | |
| Linux Kernel | >=4.19.0<=4.19.269 | |
| Linux Kernel | >=5.4.0<=5.4.228 | |
| Linux Kernel | >=5.10.0<=5.10.162 | |
| Linux Kernel | >=5.15.0<=5.15.86 | |
| Linux Kernel | >=6.0.0<=6.0.11 | |
| IBM InfoSphere Guardium z/OS | <=11.3 | |
| IBM InfoSphere Guardium z/OS | <=11.4 | |
| IBM InfoSphere Guardium z/OS | <=11.5 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2152548
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
- https://seclists.org/oss-sec/2022/q4/178
- https://launchpad.net/bugs/cve/CVE-2022-4378
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2152607
- https://access.redhat.com/errata/RHSA-2023:0856
- https://access.redhat.com/errata/RHSA-2023:0858
- https://access.redhat.com/errata/RHSA-2023:0944
- https://access.redhat.com/errata/RHSA-2023:0945
- https://access.redhat.com/errata/RHSA-2023:0951
- https://access.redhat.com/errata/RHSA-2023:0979
- https://access.redhat.com/errata/RHSA-2023:1008
- https://access.redhat.com/errata/RHSA-2023:1103
- https://access.redhat.com/errata/RHSA-2023:1101
- https://access.redhat.com/errata/RHSA-2023:1091
- https://access.redhat.com/errata/RHSA-2023:1092
- https://access.redhat.com/errata/RHSA-2023:1110
- https://access.redhat.com/errata/RHSA-2023:1109
- https://access.redhat.com/errata/RHSA-2023:1202
- https://access.redhat.com/errata/RHSA-2023:1203
- https://access.redhat.com/errata/RHSA-2023:1220
- https://access.redhat.com/errata/RHSA-2023:1221
- https://access.redhat.com/errata/RHSA-2023:1251
- https://access.redhat.com/errata/RHSA-2023:1435
- https://access.redhat.com/errata/RHSA-2023:1584
- https://access.redhat.com/errata/RHSA-2023:1566
- https://access.redhat.com/errata/RHSA-2023:1659
- https://access.redhat.com/errata/RHSA-2023:1705
- https://access.redhat.com/errata/RHSA-2023:1706
- https://access.redhat.com/errata/RHSA-2023:1822
- https://access.redhat.com/errata/RHSA-2023:3388
- https://access.redhat.com/errata/RHSA-2023:3431
- https://access.redhat.com/errata/RHSA-2023:3491
- https://access.redhat.com/security/cve/cve-2022-4378
- https://exchange.xforce.ibmcloud.com/vulnerabilities/242006
- https://www.ibm.com/support/pages/node/7007815 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378
- https://nvd.nist.gov/vuln/detail/CVE-2022-4378
- https://security-tracker.debian.org/tracker/CVE-2022-4378
- https://ubuntu.com/security/CVE-2022-4378
- https://www.openwall.com/lists/oss-security/2022/12/09/1
- https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73
- https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c
Frequently Asked Questions
What is the severity of CVE-2022-4378?
CVE-2022-4378 is a high-severity stack overflow vulnerability in the Linux Kernel that can lead to system crashes and privilege escalation.
How do I fix CVE-2022-4378?
To mitigate CVE-2022-4378, update to a patched version of the Linux Kernel, such as 6.0.12 or corresponding fixed versions in affected distributions.
What versions are affected by CVE-2022-4378?
CVE-2022-4378 affects multiple versions of the Linux Kernel from 4.9.0 to 6.0.11.
Can CVE-2022-4378 be exploited remotely?
Exploitation of CVE-2022-4378 requires local access to the system, as it involves interacting with SYSCTL.
What are the potential impacts of CVE-2022-4378?
The potential impacts of CVE-2022-4378 include system crashes and the possibility of privilege escalation for users with access to SYSCTL.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-4378
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/trending
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.9.0
- version/linux kernel/4.9.337
- version/linux kernel/4.14.0
- version/linux kernel/4.14.302
- version/linux kernel/4.19.0
- version/linux kernel/4.19.269
- version/linux kernel/5.4.0
- version/linux kernel/5.4.228
- version/linux kernel/5.10.0
- version/linux kernel/5.10.162
- version/linux kernel/5.15.0
- version/linux kernel/5.15.86
- version/linux kernel/6.0.0
- version/linux kernel/6.0.11
- vendor/ibm
- canonical/ibm infosphere guardium z/os
- version/ibm infosphere guardium z/os/11.3
- version/ibm infosphere guardium z/os/11.4
- version/ibm infosphere guardium z/os/11.5
- package-manager/debian