CVE-2022-3527 a vulnerability in Linux kernel, which affects ipneigh_get function of ip/ipneigh.c component of iproute2. Manipulation leads to memory leak.

This issue has been assigned a CVSS Score of 5.5. A researcher from the Cisco Talos team has published a detailed report on this issue. It is recommended to apply a patch on a priority basis. A new vulnerability has been discovered in the Linux Kernel. It may lead to a denial of service. This issue has been found in the function of ipv4/ipip. An attacker may initiate an attack by sending a flood of ICMP packets. This issue has been classified as critical. It has been assigned an identifier CVE-2019-9214.

Overview

The Linux Kernel is an open source piece of software used to operate the Linux Operating System. The Linux Kernel also contains the Resource Manager (RM) which handles scheduling for processes such as the task scheduler, processor group manager, and block I/O managers. This issue has been found in a function called ipv4/ipip. It is critical because it can lead to a denial of service by sending ICMP requests to a target system. There are four types of ICMP packets that can be sent from this function: echo request, echo reply, timestamp request, and timestamp reply. An attacker may initiate an attack by sending multiple packets with type 8 or type 0.

References:

1. http://www.cisco.com/c/en/us/products/security/talos-threat-group/-2022-3527
2. https://securityaffairs.co/wordpress/77170/hacking/linux-kernel-icmp-flood-denial-of-service.html

Vulnerability Details

A vulnerability in the function of ipv4/ipip has been discovered in the Linux Kernel. The issue has been classified as critical. There are two ways this vulnerability can be exploited by an attacker:
- Sending a flood of ICMP packets
- Creating connections to TCP ports greater than 1024
An attacker may initiate an attack by sending a flood of ICMP packets. This issue has been classified as critical.

References