Ukuba sengozini (CVE-2022-3977) kukhonjwe ku-Linux kernel, engase isetshenziswe umsebenzisi wasendaweni ukukhulisa amalungelo akhe ohlelweni. Ukuba sengozini kuvela ku-kernel 5.18 futhi kwalungiswa egatsheni 6.1. Ukubonakala kokulungiswa kokusatshalaliswa kungalandelelwa emakhasini: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch.
Ubungozi bukhona ekusetshenzisweni kwephrothokholi ye-MCTP (Management Component Transport Protocol), esetshenziselwa ukuxhumana phakathi kwabalawuli namadivayisi ahlobene. Ukuba sengozini kubangelwa isimo somjaho kumsebenzi we-mctp_sk_unhash(), oholela ekufinyeleleni kwememori ukusetshenziswa ngemva kokungena mahhala lapho kuthunyelwa isicelo se-ioctl se-DROPTAG kanyekanye nokuvala isokhethi.
Source: opennet.ru