CVE-2022-33743
Description
Important: kernel-rt security and bug fix update
Description
kernel: network backend may cause Linux netfront to use freed SKBs (XSA-405)
Red Hat statement
Keeping this flaw Moderate, because only a denial of service is possible (A:H) as a result of a memory leak problem. The memory leak can happen because, instead of removing the skb, it is kept in the networking stack forever. The CVSS score is higher than usual for Moderate because "C:H" and "I:H" were kept too, in case privilege escalation might potentially be possible as well.
CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-284.11.1.el9_2 | RHSA-2023:2458 | 2023-05-09T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2 | RHSA-2023:2148 | 2023-05-09T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 8 | kernel | Not affected |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected |
Apply commands
```
yum update -y kernel
# or:
dnf upgrade -y kernel
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 5.18.14-1 |
| debian | bullseye | fixed | 5.10.127-2 |
| debian | forky | fixed | 5.18.14-1 |
| debian | sid | fixed | 5.18.14-1 |
| debian | trixie | fixed | 5.18.14-1 |
| almalinux | 9 | fixed | kernel-devel-matched-5.14.0-284.11.1.el9_2.aarch64.rpm |
References
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/errata/RHSA-2023:2458
- https://www.suse.com/security/cve/CVE-2022-33743.html
- https://security-tracker.debian.org/tracker/CVE-2022-33743
- https://bugzilla.redhat.com/2061703
- https://bugzilla.redhat.com/2073091
- https://bugzilla.redhat.com/2078466
- https://bugzilla.redhat.com/2089701
- https://bugzilla.redhat.com/2090723
- https://bugzilla.redhat.com/2106830
- https://bugzilla.redhat.com/2107924
- https://bugzilla.redhat.com/2108691
- https://bugzilla.redhat.com/2114937
- https://bugzilla.redhat.com/2122228
- https://bugzilla.redhat.com/2123056
- https://bugzilla.redhat.com/2124788
- https://bugzilla.redhat.com/2130141
- https://bugzilla.redhat.com/2133483
- https://bugzilla.redhat.com/2133490
- https://bugzilla.redhat.com/2134377
- https://bugzilla.redhat.com/2134380
- https://bugzilla.redhat.com/2134451
- https://bugzilla.redhat.com/2134506
- https://bugzilla.redhat.com/2134517
- https://bugzilla.redhat.com/2134528