CVE-2022-28356 - log back

CVE-2022-28356 edited at 15 Apr 2022 21:19:38
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Notes
+ local and arbitrary code execution are assumed from the context
CVE-2022-28356 edited at 15 Apr 2022 20:58:36
Description
- In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c
+ In the Linux kernel 5.17 before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c, if it finds an ARPHRD_ETHER type net device, it will hold the device's refcount, but doesn't release the device if it fails to find a usable sap later. If llc_ui_bind() is called on a socket multiple times and provided with a used sllc_sap each time, the device's refcount will be increased unexpectedly, and the device cannot be removed then. An attacker can leverage this flaw to trigger an integer overflow on the device's refcount and eventually lead to a use-after-free bug. The function llc_ui_autobind() has the same issue.
References
+ https://www.openwall.com/lists/oss-security/2022/04/06/1
+ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
+ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
+ https://github.com/torvalds/linux/commit/615d069dcf1207462ce30c05a2f47d461be8f6c8
https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a
https://github.com/torvalds/linux/commit/2d327a79ee176930dc72c131a970c891d367c1dc
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
- https://www.openwall.com/lists/oss-security/2022/04/06/1
CVE-2022-28356 edited at 15 Apr 2022 18:51:05
References
https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a
+ https://github.com/torvalds/linux/commit/2d327a79ee176930dc72c131a970c891d367c1dc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
https://www.openwall.com/lists/oss-security/2022/04/06/1
CVE-2022-28356 edited at 12 Apr 2022 20:22:59
Severity
- Unknown
+ High
CVE-2022-28356 created at 06 Apr 2022 21:16:59
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c
References
+ https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a
+ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1
+ https://www.openwall.com/lists/oss-security/2022/04/06/1
Notes