A privilege escalation vulnerability (CVE-2022-2639) was found in the Open vSwitch module of the Linux kernel. The reserve_sfa_size() function in the module has a defect that allows a locally authenticated user to escalate their privileges on the system. A proof of concept (PoC) for the vulnerability has been publicly disclosed, and the risk is high.
Open vSwitch is open source software that manages multi-tenant public cloud computing environments. It enables network administrators to monitor and control the traffic between and within VMs. If you are an Open vSwitch user, check your version and apply security hardening promptly.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-2639
https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8
Severity: important
(Severity: low, moderate, important, and critical)
Affected versions:
Linux Kernel 3.13 - 5.18
Secure versions:
Linux Kernel >= v5.18
This vulnerability has been fixed in later official versions. If your service version falls into the affected range, upgrade it to the latest secure version.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
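The version check above as an added example (not part of the original advisory): a POSIX shell script that classifies a kernel release string against the ranges stated here and reports whether the openvswitch module is currently loaded. The function names and output format are this example's own, and because the advisory lists 5.18 in both ranges, the script reports 5.18.x as "boundary" rather than guessing.

```shell
#!/bin/sh
# Added example: triage a host against the version ranges in this advisory.
# The advisory lists 5.18 as both the end of the affected range and the first
# secure version, so 5.18.x is reported as "boundary" (assumption of this script).

# classify_kernel RELEASE -> prints affected | boundary | outside | unknown
classify_kernel() {
    ver=${1%%-*}                      # "5.10.0-18-amd64" -> "5.10.0"
    case "$ver" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}           # "18+" -> "18"
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    n=$((major * 1000 + minor))
    if   [ "$n" -lt 3013 ]; then echo outside
    elif [ "$n" -lt 5018 ]; then echo affected
    elif [ "$n" -eq 5018 ]; then echo boundary
    else echo outside
    fi
}

# ovs_module_state FILE -> prints loaded | not-loaded
# FILE is in /proc/modules format. A kernel with Open vSwitch built in
# (not as a module) does not list it there.
ovs_module_state() {
    if [ -r "$1" ] && grep -q '^openvswitch ' "$1"; then
        echo loaded
    else
        echo not-loaded
    fi
}

# assess RELEASE FILE -> one summary line for the host
assess() {
    echo "kernel=$(classify_kernel "$1") openvswitch=$(ovs_module_state "$2")"
}

# Run against the local host.
assess "$(uname -r)" /proc/modules
```

Distribution kernels often carry backported fixes without changing the upstream version number, so treat an "affected" result as a prompt to check the vendor's advisory for the installed package.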