
Linux Kernel Privilege Escalation Vulnerability (CVE-2022-2588)

Sep 27, 2022 GMT+08:00

I. Overview

A privilege escalation vulnerability (CVE-2022-2588) has been disclosed in specific versions of the Linux kernel. In the cls_route.c filter implementation, memory that has already been released can be reused (a use-after-free). A locally authenticated attacker can exploit this vulnerability to crash the system and escalate privileges. Details of this vulnerability are now public, and the risk is high. If you run the Linux kernel, check your systems and apply security hardening promptly.

References

https://github.com/Markakd/CVE-2022-2588

https://access.redhat.com/security/cve/cve-2022-2588

II. Severity

Severity: important

(Severity levels: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Linux Kernel >= v2.6.12-rc2

Secure versions:

Linux Kernel >= v5.19

IV. Vulnerability Handling

This vulnerability has been fixed in later official versions. If your service version falls within the affected range, upgrade it to the latest secure version.

https://www.kernel.org/

To obtain the fixed versions provided by Linux vendors, see the security advisories of Red Hat, Ubuntu, SUSE, and Debian.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.