UBUNTU-CVE-2022-3524

Description

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-235.269 | < 4.15.0-200.211 | < 5.4.0-135.152 | < 5.15.0-56.62

• ubuntu•linux-aws

  < 4.4.0-1114.120 | < 4.4.0-1152.167 | < 4.15.0-1146.158 | < 5.4.0-1092.100 | < 5.15.0-1026.30

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1026.30~20.04.2

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1092.100~18.04.2

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2085.91 | all | < 5.4.0-1092.100+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1146.158~16.04.2

• ubuntu•linux-azure

  < 4.15.0-1157.172~14.04.2 | < 4.15.0-1159.174~16.04.1 | all | < 5.4.0-1098.104 | < 5.15.0-1029.36

• ubuntu•linux-azure-4.15

  < 4.15.0-1157.172

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1029.36~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1098.104~18.04.2

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  < 5.15.0-1029.36.1

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2066.72 | all | < 5.4.0-1098.104+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1054.60 | all

• ubuntu•linux-dell300x

  < 4.15.0-1057.62

• ubuntu•linux-fips

  < 4.4.0-1084.91 | all | < 4.15.0-1103.114 | < 5.4.0-1068.77

• ubuntu•linux-gcp

  < 4.15.0-1141.157~16.04.2 | all | < 5.4.0-1096.105 | < 5.15.0-1025.32

• ubuntu•linux-gcp-4.15

  < 4.15.0-1141.157

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1025.32~20.04.2

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1096.105~18.04.2

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2050.55 | all | < 5.4.0-1096.105+fips1

• ubuntu•linux-gke

  < 5.4.0-1090.97 | < 5.15.0-1023.28

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1023.28~20.04.2

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1060.64 | < 5.15.0-1011.15

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1011.15~20.04.2

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-200.211~16.04.2 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-56.62~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-135.152~18.04.2

Showing first 50 affected entries in server-rendered view.

References (18)

• https://ubuntu.com/security/CVE-2022-3524
• https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
• https://ubuntu.com/security/notices/USN-5754-1
• https://ubuntu.com/security/notices/USN-5755-1
• https://ubuntu.com/security/notices/USN-5756-1
• https://ubuntu.com/security/notices/USN-5757-1
• https://ubuntu.com/security/notices/USN-5757-2
• https://ubuntu.com/security/notices/USN-5758-1
• https://ubuntu.com/security/notices/USN-5756-2
• https://ubuntu.com/security/notices/USN-5755-2
• https://ubuntu.com/security/notices/USN-5754-2
• https://ubuntu.com/security/notices/USN-5773-1
• https://ubuntu.com/security/notices/USN-5756-3
• https://ubuntu.com/security/notices/USN-5774-1
• https://ubuntu.com/security/notices/USN-5779-1
• https://ubuntu.com/security/notices/USN-5780-1
• https://ubuntu.com/security/notices/USN-5789-1
• https://www.cve.org/CVERecord?id=CVE-2022-3524