Denial Of Service (DoS)

2022-10-1210:37:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

linux

dos

xfrm_expand_policies

net/xfrm/xfrm_policy.c

application crash

vulnerability

0.0004 Low

EPSS

Percentile

14.3%

JSON

Linux is vulnerable to denial of service.The vulnerability exists in xfrm_expand_policies in net/xfrm/xfrm_policy.c that would cause a refcount to be dropped twice resulting in an application crash.

CPENameOperatorVersion
linux-gkeop:focaleq5.4.0.1010.13
linux-oracle:focaleq5.4.0.1021.19
linux-oracle:focaleq5.4.0.1009.9
linux-oracle:focaleq5.4.0.1024.21
linux-oracle:focaleq5.4.0.1025.22
linux-oracle:focaleq5.4.0.1030.27
linux-oracle:focaleq5.4.0.1029.26
linux-kvm:focaleq5.4.0.1020.19
linux-kvm:focaleq5.4.0.1026.24
linux-kvm:focaleq5.4.0.1009.9

Name	Operator	Version
linux-gkeop:focal	eq	5.4.0.1010.13
linux-oracle:focal	eq	5.4.0.1021.19
linux-oracle:focal	eq	5.4.0.1009.9
linux-oracle:focal	eq	5.4.0.1024.21
linux-oracle:focal	eq	5.4.0.1025.22
linux-oracle:focal	eq	5.4.0.1030.27
linux-oracle:focal	eq	5.4.0.1029.26
linux-kvm:focal	eq	5.4.0.1020.19
linux-kvm:focal	eq	5.4.0.1026.24
linux-kvm:focal	eq	5.4.0.1009.9