Red Hat has published a new CVE entry, CVE-2022-3977, which is described as a use-after-free flaw. A use-after-free occurs when a program attempts to use memory that has already been freed; an attacker who can control what is placed in that memory afterwards can often turn the bug into a crash or code execution.
CVE-2022-3977 resides in the Linux kernel's MCTP (Management Component Transport Protocol) subsystem. The flaw is a race condition: it is triggered when a user calls the DROPTAG ioctl on an MCTP socket at the same time as that socket is being closed. A local user who wins this race can potentially exploit the resulting use-after-free to escalate privileges all the way to root.
Red Hat rates this CVE as Moderate, with a CVSS v3 base score of 7.0, and the flaw is present in the current upstream Linux kernel.
The vulnerability was originally reported by the Active Defense Lab of Venustech, which traced its introduction to v5.18.0 in commit 63ed1aab3d40aa61aaa66819bdce9377ac7f40fa. Fortunately, a recent upstream commit has since patched it.
If you have a Linux machine running kernel 5.18 or newer, you should upgrade the kernel right away. Most major distributions have most likely already added the patch to their standard repositories, so check your distribution's advisory for CVE-2022-3977 and install the updated kernel package.
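As a triage aid, the following POSIX shell script is an added example (it is not from the original article or from the kernel project). It flags a host for review when its running kernel version is 5.18 or newer, the range the article gives as affected, and the kernel was built with the MCTP subsystem (`CONFIG_MCTP=y`, read from `/proc/config.gz` or `/boot/config-$(uname -r)`). The function and output names are this example's own. Because distributions backport fixes without changing the kernel's major version, a `review` result means "possibly affected, confirm against the distribution advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: CVE-2022-3977 exposure triage, not the article's or the kernel's code.
# Logic: kernel >= 5.18 (the version the article says introduced the bug)
# AND CONFIG_MCTP=y  =>  "review".  Anything else is outside the affected surface.

# version_ge A B: succeed if kernel version string A (e.g. "5.19.0-46-generic")
# is numerically >= B (e.g. "5.18"). Distro suffixes after the digits are ignored.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*/, "", a); sub(/[^0-9.].*/, "", b)   # drop "-46-generic" etc.
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {                          # compare field by field
            x = (i <= na) ? A[i] + 0 : 0                    # missing fields count as 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0                                              # all fields equal
    }'
}

# mctp_enabled CONFIG_TEXT: succeed if the kernel config text has MCTP built in.
# CONFIG_MCTP is a bool in the kernel, so "=y" is the only enabled form to look for.
mctp_enabled() {
    printf '%s\n' "$1" | grep -q '^CONFIG_MCTP=y$'
}

# read_kernel_config: print the running kernel's config, or nothing if unavailable.
read_kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    fi
}

# assess KVER CONFIG_TEXT: print one of
#   version-not-affected  (kernel older than 5.18)
#   mctp-not-built        (MCTP subsystem absent, so the ioctl path does not exist)
#   review                (possibly affected; check the distro advisory / backport)
assess() {
    if ! version_ge "$1" "5.18"; then
        echo "version-not-affected"
    elif ! mctp_enabled "$2"; then
        echo "mctp-not-built"
    else
        echo "review"
    fi
}

# Run against the local host when executed directly.
assess "$(uname -r)" "$(read_kernel_config)"
```

If the script prints `review`, compare the installed kernel package against the distribution's CVE-2022-3977 advisory rather than relying on the version number alone, since a backported fix leaves the version unchanged.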