CVE-2022-28356 log

Severity High
Remote No
Type Arbitrary code execution
In the Linux kernel 5.17 before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c, if it finds an ARPHRD_ETHER type net device, it will hold the device's refcount, but doesn't release the device if it fails to find a usable sap later. If llc_ui_bind() is called on a socket multiple times and provided with a used sllc_sap each time, the device's refcount will be increased unexpectedly, and the device cannot be removed then. An attacker can leverage this flaw to trigger an integer overflow on the device's refcount and eventually lead to a use-after-free bug. The function llc_ui_autobind() has the same issue.
Group Package Affected Fixed Severity Status Ticket
AVG-2675 linux-lts 5.17.0-1 5.17.1-1 High Not affected
AVG-2674 linux-hardened 5.17.0-1 5.17.1-1 High Not affected
AVG-2673 linux 5.17.0-1 5.17.1-1 High Fixed
AVG-2672 linux-zen 5.17.0-1 5.17.1-1 High Fixed
local and arbitrary code execution are assumed from the context