Lucene search

PRIOn knowledge basePRION:CVE-2022-4129

HistoryNov 28, 2022 - 10:15 p.m.

Race condition

2022-11-2822:15:00

PRIOn knowledge base

www.prio-n.com

linux

kernel

l2tp

protocol

system crash

race condition

denial of service

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

CPENameOperatorVersion
fedoraeq35
fedoraeq36
fedoraeq37
layer_2_tunneling_protocollt6.0

Name	Operator	Version
fedora	eq	35
fedora	eq	36
fedora	eq	37
layer_2_tunneling_protocol	lt	6.0

References

lists.debian.org/debian-lts-announce/2023/05/msg00005.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/

lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t

lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t