ISN 2022-18: Linux Kernel Vulnerability

First published 7 September 2022

CVSS 3.1 7.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability has been found in the Linux kernel used by IGEL OS. This affects the following IGEL products:

• IGEL OS 11
• IGEL OS 10

Details

A use-after-free vulnerability has been discovered in the Netfilter subsystem in the Linux kernel (CVE-2022-32250, formerly also known as CVE-2022-1966). It is rated high and allows a local non-privileged user to escalate their privileges to root.

Update Instructions

• IGEL OS 11: Update to IGEL OS 11.08.100 or newer.
• IGEL OS 10: Upgrade to the fixed IGEL OS 11 version.

References

• CVE-2022-32250: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250