CVE-2022-1516: Linux kernel denial of service vulnerability
A security researcher has discovered that the Linux kernel is affected by a potentially serious vulnerability (CVE-2022-1516) that can be exploited by a local attacker to launch denial-of-service (DoS) attacks.
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended, legitimate users. Unlike many other classes of vulnerability, DoS attacks usually do not aim at breaching security; rather, they focus on making websites and services unavailable to genuine users, resulting in downtime. DoS vulnerabilities allow attackers to trigger such a crash or crippling of a service by exploiting a flaw either in the application's own code or in the open-source libraries it uses.
The CVE-2022-1516 flaw lies in the Linux kernel's X.25 functionality (X.25 is a set of standardized packet-switched network protocols). Exploitation involves sending specially crafted packets to the targeted device.
“A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection.”
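As an added illustration (not code from the kernel, Red Hat, or this article), the following simplified C model shows the shape of the bug described above: removing the device detaches the session's neighbour, and a later termination of that same session either dereferences the now-NULL pointer or checks it first. All names in it (neigh, session, kill_by_device, disconnect_unchecked, disconnect_checked) are assumptions of the model, not kernel identifiers.

```c
#include <stdlib.h>

/* Simplified model of the failure mode described above, not kernel code: a
 * neighbour is the layer-2 peer reached through a network device, and a
 * session holds a counted reference to it while connected. */
struct neigh { int refcnt; };
struct session { struct neigh *neighbour; int connected; };
static int neigh_freed;   /* counts releases so the outcome can be checked */

static void neigh_put(struct neigh *n)
{
    if (--n->refcnt == 0) { free(n); neigh_freed++; }
}

/* Device removal (the simulated Ethernet card going away): every session
 * bound to that device drops its neighbour, but the session object lives on. */
static void kill_by_device(struct session *s)
{
    if (s->neighbour) { neigh_put(s->neighbour); s->neighbour = NULL; }
}

/* Vulnerable shape: assumes the neighbour is still attached, so terminating
 * the session after kill_by_device() hands neigh_put() a NULL pointer. */
void disconnect_unchecked(struct session *s)
{
    s->connected = 0;
    neigh_put(s->neighbour);
    s->neighbour = NULL;
}

/* Hardened shape: release the reference only if the session still holds it. */
void disconnect_checked(struct session *s)
{
    s->connected = 0;
    if (s->neighbour) { neigh_put(s->neighbour); s->neighbour = NULL; }
}

/* Advisory scenario: device removed first, then the user keeps using the
 * session. Returns 1 if it closed cleanly with exactly one release; calling
 * disconnect_unchecked() at the marked point instead would crash. */
int scenario_device_removed_then_disconnect(void)
{
    struct neigh *n = calloc(1, sizeof *n);   /* constructed sample peer */
    struct session s = { n, 1 };
    n->refcnt = 1;
    neigh_freed = 0;
    kill_by_device(&s);
    disconnect_checked(&s);                   /* marked point */
    return s.connected == 0 && s.neighbour == NULL && neigh_freed == 1;
}
```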
The patch has been applied to the mainline Linux kernel. Red Hat has published a detailed description of the issue, and security advisories for the vulnerability have also been published by Canonical (for Ubuntu), Debian, and SUSE. Kernel updates that patch this vulnerability are available, and users should install them as soon as possible.