This issue affects the Red Hat Enterprise Linux 7.4 and the Ubuntu 18.04 LTS releases. It may also affect other operating systems. Update your operating system to fix this issue.

A race condition was discovered in the unix_d_attr_get function in the Linux kernel. When making in-memory data persistent by using the d_attr_Persistent() system call, a data race can occur between the unix_d_attr_get() and unix_d_flush_tasks() functions. This race can be triggered when in-memory data is being used without being d_flushed. This results in a use-after-free. A local user with the ability to create in-memory data can, for example, cause a denial of service (system crash) by adding data to certain ucounts structures.

This issue does not affect Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 6 users are advised to update their systems as well.

Linux kernel 5.14 and earlier versions have a problem in unix_d_attr_get() which can result in a use-after-free. A local user with the ability to create in-memory data can, for example, cause a denial of service (system crash) by adding data to certain ucounts structures.

Red Hat Enterprise Linux 7 and earlier versions have a problem in unix_d_flush_tasks() which can result in a use-after-free. A local user

Solution:

Update to the latest version of your operating system. In Red Hat Enterprise Linux 7.4, update to Red Hat Enterprise Linux 7.4-232 or later, or to Ubuntu 18.04 LTS-8u153 or later. For Red Hat Enterprise Linux 6 and earlier versions, update to Red Hat Enterprise Linux 7.4-232 or later, or to Ubuntu 18.04 LTS-8u153 or later.

Potential Impact

This issue can cause a system crash.
The following versions of Red Hat Enterprise Linux and Ubuntu are affected:
Red Hat Enterprise Linux 7.4 and earlier versions
Ubuntu 18.04 LTS

Mitigation Strategies

To mitigate CVE-2022-24122, update your operating system to fix this issue.
If you're unable to update your operating system for security reasons, consider upgrading to Linux kernel 5.14 or a later version.

Timeline

Published on: 01/29/2022 22:15:00 UTC
Last modified on: 04/01/2022 14:16:00 UTC
