Bugzilla – Bug 1198025
VUL-0: CVE-2022-1204: kernel-source: Use after free in net/ax25/af_ax25.c
Last modified: 2023-01-18 17:36:12 UTC
There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker to crash linux kernel by simulating Amateur Radio from user-space.
The ax25 stuff is enabled on SLE15-SP3 and SLE15-SP4 but shipped only with kernel-*-optional for Leap.
Tracking as affected:
This bug seems to approach a good date for CVE SLA fulfillment .
What is its status, please?
All fixes have been already backported to both SLE15-SP3 and SLE15-SP4 for other CVE entries (CVE-2022-1205 CVE-2022-1199 bsc#1198027 bsc#1198028).
I updated the patch reference to point to this one, too.
Reassigned back to security team.