Linux Vulnerabilities of the Week: February 14, 2022

Linux Vulnerabilities of the Week: February 14, 2022

1. Integer overflow in function XML_GetBuffer in Expat (<2.4.4) affecting Red Hat Enterprise Linux 7 and 8

Severity: Critical         CVSS Score: 9.8

Expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing many prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23852

2. JMSAppender in Log4j 1.2 flaw

Severity: Important    CVSS Score: 7.5

JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender, which is not the default, and to the attacker’s JNDI LDAP endpoint.

Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, this can be exposed over any network, with low privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

3. ASP.NET Core Krestel HTTP headers flaw

Severity: Important    CVSS Score: 7.5

This is a flaw in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This vulnerability allows a remote, unauthenticated attacker to cause a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-21986

4. Refcount leak in pep_sock_accept() in net/phonet/pep.c in the Linux kernel through 5.15.8

Severity: Medium       CVSS Score: 5.5

This is a memory leak flaw in the Linux kernel’s PhoNet (Phone Network protocol) functionality. A local user could use this flaw to starve the resources causing a denial of service.

The highest threat from this vulnerability is to confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although this requires access to the same network as the device to be exploited, this can be exposed with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-45095

5. A null pointer dereference in bond_ipsec_add_sa() in the Linux Kernel affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.5

This is a null pointer dereference in the Linux kernel’s bonding driver in the way a user bonds a non-existing or fake device. This vulnerability allows a local user to crash the system, causing a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as although this requires access to the same network as the device to be exploited, this can be exposed with a low complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-0286