Veracode Vulnerability DatabaseVERACODE:36423Memory Leak
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
19.0%
kernel-rt is vulnerable to denial of service. The vulnerability exists due to the small table perturb size used in the tcp source port generation algorithm in net/ipv4/tcp.c, allowing an attacker to gain sensitive information which will give the attacker the authority to carry out a denial of service attack which may lead into application crash.
References
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.0_release_notes/index
access.redhat.com/errata/RHSA-2022:5267
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2064604
kernel.googlesource.com/pub/scm/linux/kernel/git/jkirsher/net-queue/+/b2d057560b8107c633b39aabe517ff9d93f285e3%5E%21/
lore.kernel.org/lkml/[email protected]/T/
security.netapp.com/advisory/ntap-20221020-0006/
Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
19.0%