CVE-2022-29581

NameCVE-2022-29581
DescriptionImproper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1fixed
stretch (security)4.9.320-2fixed
buster4.19.235-1vulnerable
buster (security)4.19.232-1vulnerable
bullseye5.10.106-1vulnerable
bullseye (security)5.10.120-1fixed
bookworm, sid5.18.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcestretch(not affected)
linuxsourcebullseye5.10.113-1
linuxsource(unstable)5.17.6-1

Notes

[stretch] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/3db09e762dc79584a69c10d74a6b98f89a9979f8 (5.18-rc4)
https://www.openwall.com/lists/oss-security/2022/05/18/2

Search for package or bug name: Reporting problems