OSG-SEC-2022-10-17 HIGH Linux kernel use-after-free in cls_route filter

Dear OSG Security Contacts,

A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel as described in CVE-2022-2588. [2] It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. [1]

IMPACTED VERSIONS:

RHEL 6, 7, 8 based distributions (RHEL 9 is not affected). [2] Ubuntu (all actively supported versions). [5]

WHAT ARE THE VULNERABILITIES:

This flaw allows a local user to crash the system and may allow local privilege escalation.

WHAT YOU SHOULD DO:

Patches for the kernel and mitigations for RHEL based distributions aren't yet available. We recommend you pay attention to CVE references and update the kernel when patched versions are available, and then restart the systems.

Patches for Debian/Ubuntu based distributions are available. Update the kernel with the patched versions, and restart the systems.

Sites running RHEL should see [2]

Sites running CentOS should also see [2]

Sites running Scientific Linux should see [3]

Sites running Debian should see [4]

Sites running Ubuntu should see [5]

Sites running RockyLinux should see [6]

Sites running Almalinux should see [7]

REFERENCES

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2114849

[2] https://access.redhat.com/security/cve/CVE-2022-2588

[3] https://www.scientificlinux.org/category/sl-errata/

[4] https://security-tracker.debian.org/tracker/CVE-2022-2588

[5] https://ubuntu.com/security/CVE-2022-2588

[6] https://errata.rockylinux.org/

[7] https://errata.almalinux.org/

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team