
Several critical and high-severity security issues, including multiple use-after-free vulnerabilities and a stack-based buffer overflow vulnerability, were discovered in the Linux kernel. These vulnerabilities could lead to denial of service (DoS) attacks, privilege escalation, or the execution of arbitrary code. This article will discuss the issues discovered, who is impacted, and how to protect against these flaws.

The Discovery & The Impact

Among the most serious issues recently discovered in the Linux kernel are the following vulnerabilities:

  • A critical use-after-free vulnerability affecting the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec in the kernel has been found (CVE-2022-3545).
  • A critical use after free vulnerability affecting the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth in the kernel was discovered (CVE-2022-3640). 
  • A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables (CVE-2022-4378). 
  • A use-after-free vulnerability has been discovered in the kernel which can be exploited to achieve local privilege escalation (CVE-2023-0461). To reach the vulnerability, the kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. The bug is a use-after-free of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, the user can install a TLS context (struct tls_context) on a connected TCP socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege.

A local attacker could exploit these bugs to cause a denial of service (system crash), escalate privileges, or possibly execute arbitrary code. 

These vulnerabilities impact:

  • linux: Linux kernel
  • linux-aws: Linux kernel for Amazon Web Services (AWS) systems
  • linux-dell300x: Linux kernel for Dell 300x platforms
  • linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
  • linux-oracle: Linux kernel for Oracle Cloud systems

How Can I Secure My Systems Against These Vulnerabilities?

An important security update for the kernel that fixes these dangerous bugs has been released. Distros have released security advisories for these vulnerabilities, providing instructions on how users can update their systems to protect against them.

LinuxSecurity Founder Dave Wreski warns, “We urge all impacted users to update now to protect against attacks leading to downtime and compromise. Patching is an easy and effective way to mitigate the risk of an adversary exploiting these issues to halt productivity and potentially harm your critical systems.”

Be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).