CVE-2022-4129

2022-11-2800:00:00

ubuntu.com

linux kernel

layer 2 tunneling protocol

race condition

null pointer dereference

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A
missing lock when clearing sk_user_data can lead to a race condition and
NULL pointer dereference. A local user could use this flaw to potentially
crash the system causing a denial of service.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-147.164UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-70.77UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-42.43UNKNOWN
ubuntu22.04noarchlinux-allwinner-5.19< 5.19.0-1012.12~22.04.1UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1100.108UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1034.38UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1025.26UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1034.38~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1100.108~18.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1106.112UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< 5.4.0-147.164	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-70.77	UNKNOWN
ubuntu	22.10	noarch	linux	< 5.19.0-42.43	UNKNOWN
ubuntu	22.04	noarch	linux-allwinner-5.19	< 5.19.0-1012.12~22.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1100.108	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1034.38	UNKNOWN
ubuntu	22.10	noarch	linux-aws	< 5.19.0-1025.26	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1034.38~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1100.108~18.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1106.112	UNKNOWN