First published: Thu Feb 23 2023
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
redhat/kernel | <0:4.18.0-147.83.1.el8_1 | 0:4.18.0-147.83.1.el8_1 |
redhat/kernel | <0:4.18.0-193.109.1.el8_2 | 0:4.18.0-193.109.1.el8_2 |
redhat/kernel-rt | <0:4.18.0-193.109.1.rt13.160.el8_2 | 0:4.18.0-193.109.1.rt13.160.el8_2 |
redhat/kernel-rt | <0:4.18.0-305.86.2.rt7.160.el8_4 | 0:4.18.0-305.86.2.rt7.160.el8_4 |
redhat/kernel | <0:4.18.0-305.86.2.el8_4 | 0:4.18.0-305.86.2.el8_4 |
redhat/kernel | <0:4.18.0-372.52.1.el8_6 | 0:4.18.0-372.52.1.el8_6 |
redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
redhat/kernel | <0:5.14.0-70.58.1.el9_0 | 0:5.14.0-70.58.1.el9_0 |
redhat/kernel-rt | <0:5.14.0-70.58.1.rt21.129.el9_0 | 0:5.14.0-70.58.1.rt21.129.el9_0 |
Linux Linux kernel | >=4.13.0<4.14.303 | |
Linux Linux kernel | >=4.19<4.19.270 | |
Linux Linux kernel | >=5.4<5.4.229 | |
Linux Linux kernel | >=5.10<5.10.163 | |
Linux Linux kernel | >=5.15<5.15.88 | |
Linux Linux kernel | >=6.0<6.0.19 | |
Linux Linux kernel | >=6.1<6.1.5 | |
Linux Linux kernel | =6.2-rc1 | |
Linux Linux kernel | =6.2-rc2 | |
redhat/kernel | <6.2 | 6.2 |
debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.9-1 |
To mitigate this issue, prevent the tls kernel module from being loaded. See https://access.redhat.com/solutions/41278 for how to blacklist a kernel module so that it is not loaded automatically.
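
One way to apply this mitigation and check that it took effect, as an added example that is not part of the original advisory. The file name `disable-tls.conf` and the `CONF_DIR` / `MODULES_FILE` overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): block the tls kernel module.
# CONF_DIR and MODULES_FILE are assumptions of this example; they default to
# the real system paths and can be overridden for a dry run without root.
# This has no effect when TLS support is built into the kernel image
# instead of being built as a loadable module.

# Return 0 if the named module is currently loaded.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${MODULES_FILE:-/proc/modules}" 2>/dev/null
}

# Return 0 if a modprobe.d file already overrides loading of the module.
module_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)" \
        "${CONF_DIR:-/etc/modprobe.d}"/*.conf
}

# Write the block rules if missing. Returns 0 when the module is blocked and
# not loaded, 1 on write failure, 2 when it is blocked but still loaded.
block_module() {
    mod="$1"
    conf="${CONF_DIR:-/etc/modprobe.d}/disable-$mod.conf"
    if ! module_blocked "$mod"; then
        # "blacklist" stops alias-based autoloading; the "install" override
        # also makes an explicit "modprobe tls" fail.
        printf 'blacklist %s\ninstall %s /bin/false\n' "$mod" "$mod" \
            > "$conf" || return 1
    fi
    if module_loaded "$mod"; then
        echo "$mod is still loaded: run 'modprobe -r $mod' or reboot" >&2
        return 2
    fi
    return 0
}

# Usage (as root): block_module tls
```

A return value of 2 means the rules are in place but the module was loaded before they were written, so the vulnerable code stays reachable until the module is unloaded or the system is rebooted.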