CVE-2022-28356 log

Source
Severity High
Remote No
Type Arbitrary code execution
Description
In the Linux kernel 5.17 before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c: if the code finds an ARPHRD_ETHER type net device, it holds the device's refcount but doesn't release the device if it later fails to find a usable sap. If llc_ui_bind() is called on a socket multiple times and provided with a used sllc_sap each time, the device's refcount is increased unexpectedly, and the device can then no longer be removed. An attacker can leverage this flaw to trigger an integer overflow on the device's refcount, eventually leading to a use-after-free bug. The function llc_ui_autobind() has the same issue.
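The leak pattern in the description, shown as an added userspace model in C; it is not kernel code and not taken from the referenced commits. All names (model_dev, bind_leaky, bind_balanced, leaked_refs) and the SAP value 0x42 are constructed for illustration.

```c
#include <stdbool.h>

/* Constructed userspace model; none of these names are kernel symbols. */
struct model_dev { int refcnt; };

static bool sap_in_use[256];

static void model_dev_hold(struct model_dev *d) { d->refcnt++; }
static void model_dev_put(struct model_dev *d)  { d->refcnt--; }

/* Returns 0 on success, -1 when the requested SAP is already taken. */
static int bind_leaky(struct model_dev *d, unsigned char sap)
{
    model_dev_hold(d);          /* reference taken once the device is found */
    if (sap_in_use[sap])
        return -1;              /* BUG: error return keeps the reference */
    sap_in_use[sap] = true;
    return 0;                   /* success: the socket owns the reference */
}

/* Same logic, but every failure path drops the reference it took. */
static int bind_balanced(struct model_dev *d, unsigned char sap)
{
    model_dev_hold(d);
    if (sap_in_use[sap])
        goto out_put;
    sap_in_use[sap] = true;
    return 0;
out_put:
    model_dev_put(d);
    return -1;
}

/* Run n failing binds against an occupied SAP; return the refcount drift. */
static int leaked_refs(int (*bind_fn)(struct model_dev *, unsigned char), int n)
{
    struct model_dev dev = { .refcnt = 1 };   /* baseline reference */
    int i;

    sap_in_use[0x42] = true;                  /* SAP already used elsewhere */
    for (i = 0; i < n; i++)
        bind_fn(&dev, 0x42);
    return dev.refcnt - 1;                    /* 0 means hold/put are balanced */
}

/* Exit status 0 when the balanced variant leaves no stray references. */
int main(void) { return leaked_refs(bind_balanced, 1000) != 0; }
```

A non-zero drift after failed binds is the condition that keeps the device from being removed; the balanced variant is the invariant to check for when reviewing similar error paths.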
Group     Package         Affected  Fixed     Severity  Status        Ticket
AVG-2675  linux-lts       5.17.0-1  5.17.1-1  High      Not affected
AVG-2674  linux-hardened  5.17.0-1  5.17.1-1  High      Not affected
AVG-2673  linux           5.17.0-1  5.17.1-1  High      Fixed
AVG-2672  linux-zen       5.17.0-1  5.17.1-1  High      Fixed
References
https://www.openwall.com/lists/oss-security/2022/04/06/1
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
https://github.com/torvalds/linux/commit/615d069dcf1207462ce30c05a2f47d461be8f6c8
https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a
https://github.com/torvalds/linux/commit/2d327a79ee176930dc72c131a970c891d367c1dc
Notes
Local and arbitrary code execution are assumed from the context.