Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-4129
HistoryNov 28, 2022 - 12:00 a.m.

CVE-2022-4129

2022-11-2800:00:00
ubuntu.com
ubuntu.com
37
linux kernel
layer 2 tunneling protocol
race condition
null pointer dereference
denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A
missing lock when clearing sk_user_data can lead to a race condition and
NULL pointer dereference. A local user could use this flaw to potentially
crash the system causing a denial of service.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-147.164UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-70.77UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-42.43UNKNOWN
ubuntu22.04noarchlinux-allwinner-5.19< 5.19.0-1012.12~22.04.1UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1100.108UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1034.38UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1025.26UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1034.38~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1100.108~18.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1106.112UNKNOWN
Rows per page:
1-10 of 641

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%