Bugzilla – Bug 1202574
VUL-0: CVE-2022-2526: systemd: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
Last modified: 2022-09-14 12:04:54 UTC
rh#2109926

systemd-resolved is susceptible to a Use After Free (UAF) vulnerability in how DNS packets are handled. Functions such as on_stream_io and dns_stream_complete in resolved-dns-stream.c do not increment the reference counting for the DnsStream object they are working on. Other functions and callbacks called there (e.g. on_llmnr_stream_packet) could unreference the DnsStream object, causing a Use After Free when the reference is still used later.

Upstream patch:
https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2109926
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2526
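The reference-counting pattern described in the report, as an added example that is not part of the bug report and is not systemd code. The `Stream` type and all function names are hypothetical stand-ins for DnsStream and its handlers, and `free()` is replaced by a `freed` flag so the unsafe access can be observed without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-in for DnsStream (assumption; not systemd's struct). */
typedef struct Stream Stream;
struct Stream {
    unsigned n_ref;
    bool freed;                    /* set where real code would call free() */
    void (*on_packet)(Stream *s);  /* callback, in the role of on_llmnr_stream_packet */
};

static Stream *stream_ref(Stream *s) { s->n_ref++; return s; }

static void stream_unref(Stream *s) {
    if (--s->n_ref == 0)
        s->freed = true;           /* real code: free(s) */
}

/* Callback that is finished with the stream and drops the owner's reference. */
static void packet_cb_drops_ref(Stream *s) { stream_unref(s); }

/* Pattern from the report: no reference is held across the callback.
 * Returns true if the stream was already released when touched afterwards. */
static bool io_handler_unpinned(Stream *s) {
    s->on_packet(s);
    return s->freed;               /* with a real free() this read is the UAF */
}

/* Hardened pattern: pin the object for the duration of the handler. */
static bool io_handler_pinned(Stream *s) {
    stream_ref(s);
    s->on_packet(s);
    bool freed_while_in_use = s->freed;  /* still valid: we hold a reference */
    stream_unref(s);                     /* the last reference may go away here */
    return freed_while_in_use;
}

/* Constructed scenario: one owner reference, callback drops it. */
static bool run(bool pinned) {
    Stream s = { .n_ref = 1, .freed = false, .on_packet = packet_cb_drops_ref };
    return pinned ? io_handler_pinned(&s) : io_handler_unpinned(&s);
}

int main(void) {
    printf("unpinned: released during use = %d\n", run(false));
    printf("pinned:   released during use = %d\n", run(true));
    return 0;
}
```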
This is fixed since v240. So everything <= SUSE:SLE-15:Update is affected.
None of the SLE distros ships systemd-resolved. IIRC Leap started shipping systemd-resolved since 15.3, which uses v246. So I don't think we need to fix this issue. Alexander, could you confirm?
Our customer would like to know if this CVE affects our SLE product because it shows "affected" from "https://www.suse.com/security/cve/CVE-2022-2526.html". Could you help to confirm it and update the status? Many thanks!
As Frank said in comment 2, we don't ship the affected component (systemd-resolved) in SLE, so we aren't affected. Closing.