CVE-2022-4129

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 39

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Weaknesses

CWE-667: Improper Locking

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2022-11-28 22:15:11
(21 months ago)
Updated Date: 2023-11-07 03:57:00
(10 months ago)

Affected Products

Fedoraproject

Fedora

Linux

Layer 2 Tunneling Protocol

Configuration #1

		CPE23	From	Up To
	Linux Layer 2 Tunneling Protocol prior 6.0 version	cpe:2.3:a:linux:layer_2_tunneling_protocol		< 6.0

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35
	Fedoraproject Fedora 36	cpe:2.3:o:fedoraproject:fedora:36
	Fedoraproject Fedora 37	cpe:2.3:o:fedoraproject:fedora:37