Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-4129

Good to know:

icon

Date: November 27, 2022

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Language: C

Severity Score

Related Resources (15)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/
https://access.redhat.com/security/cve/CVE-2022-4129
https://security-tracker.debian.org/tracker/CVE-2022-4129
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/
https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/
https://nvd.nist.gov/vuln/detail/CVE-2022-4129
https://lore.kernel.org/netdev/20221121085426.21315-1-jakub@cloudflare.com/t
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/
https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t
https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/
https://www.mend.io/vulnerability-database/CVE-2022-4129

Severity Score

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Improper Locking

CWE-667

Top Fix

icon

Upgrade Version

Upgrade to version linux-yocto - 4.10+gitAUTOINC+805ea440c7_b259a5d744;linux-yocto - 4.8.26+gitAUTOINC+1c60e003c7_27efc3ba68;linux-libc-headers - 5.14

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us