Ubuntu.com UB:CVE-2022-0435
History: Feb 10, 2022 - 12:00 a.m.

CVE-2022-0435

CVSS3: 8.8 High
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9 High
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.01 Low
Percentile: 83.5%

A stack overflow flaw was found in the Linux kernel’s TIPC protocol
functionality in the way a user sends a packet with malicious content where
the number of domain member nodes is higher than the 64 allowed. This flaw
allows a remote user to crash the system or possibly escalate their
privileges if they have access to the TIPC network.
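
The missing bound described above, as an added example (not code from the kernel or from Ubuntu): a C parser for a hypothetical length-prefixed member record that caps the peer-supplied count at the 64-member limit before filling a fixed-size structure. The wire layout, `struct domain_rec`, `parse_domain_rec` and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MEMBERS 64 /* the "64 allowed" limit from the advisory */

/* Hypothetical wire layout (not the kernel's TIPC format): 2-byte
 * big-endian member count, then that many 4-byte big-endian node ids. */
struct domain_rec {
    uint16_t member_cnt;
    uint32_t members[MAX_MEMBERS];
};

enum { REC_OK = 0, REC_SHORT = -1, REC_TOO_MANY = -2, REC_LEN_MISMATCH = -3 };

/* Fill a fixed-size record from peer-supplied bytes, rejecting anything
 * whose declared count exceeds the array or disagrees with the length. */
int parse_domain_rec(const uint8_t *buf, size_t len, struct domain_rec *out)
{
    if (len < 2)
        return REC_SHORT;
    uint16_t cnt = (uint16_t)((buf[0] << 8) | buf[1]);

    /* Without this cap, a count above 64 would drive writes past
     * members[] and into the caller's stack frame. */
    if (cnt > MAX_MEMBERS)
        return REC_TOO_MANY;
    /* The declared count must also match the bytes actually received. */
    if (len != 2 + (size_t)cnt * 4)
        return REC_LEN_MISMATCH;

    memset(out, 0, sizeof(*out));
    out->member_cnt = cnt;
    for (uint16_t i = 0; i < cnt; i++) {
        const uint8_t *p = buf + 2 + (size_t)i * 4;
        out->members[i] = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                          ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    }
    return REC_OK;
}

int main(void)
{
    uint8_t oversized[2 + 4 * 65] = {0, 65}; /* constructed: claims 65 members */
    struct domain_rec rec;
    printf("65-member record -> %d\n",
           parse_domain_rec(oversized, sizeof oversized, &rec));
    return 0;
}
```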

Notes

Author: sbeattie
Note: Introduced in v4.8. Mitigated by CONFIG_FORTIFY_SOURCE, enabled in Ubuntu kernels since v4.18 kernels (Ubuntu 18.10 and newer, as well as HWE kernels for 18.04 LTS), which mitigates this into a DoS. For 4.15 kernels as used in 18.04 LTS and HWE for 16.04 ESM, kernels are built with stack-protector, which makes this more difficult to exploit.