Skip to content

Linux kernel: cls_route UAF

Moderate
frezbo published GHSA-j87c-vff3-v9mc Sep 1, 2022

Package

No package listed

Affected versions

< 1.2.0

Patched versions

>= 1.2.0

Description

Impact

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

Patches

The fix has been backported to 5.15.61 version of the upstream Linux kernel (5.15 is the upstream Kernel long term version Talos ships with). Talos >= v1.2.0 is shipped with Linux Kernel 5.15.64 fixing the above issue.

Workarounds

Audit kubernetes workloads running in the cluster with privileged: true set or having NET_ADMIN capability and assess the threat vector.

References

For more information

Severity

Moderate

CVE ID

CVE-2022-2588

Weaknesses

No CWEs