CVE-2022-20567

Updated: 2024-03-19 04:25:48.969616

Description:

In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 6.4

Status

OS name Project name Version Score Severity Status Errata Last updated
Ubuntu 16.04 ELS linux 4.4.0 6.4 MEDIUM Released CLSA-2024:1710945589 2024-03-20 11:09:11
Ubuntu 16.04 ELS linux-hwe 4.15.0 6.4 MEDIUM Already Fixed 2024-03-22 09:53:12
Ubuntu 18.04 ELS linux 4.15.0 6.4 MEDIUM Already Fixed 2024-03-22 09:53:12