Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI: CVE-2022-36946: Security patch for kernel (ALAS-2022-1636)

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Amazon Linux AMI: CVE-2022-36946: Security patch for kernel (ALAS-2022-1636)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
07/27/2022
Created
10/12/2022
Added
10/11/2022
Modified
02/06/2024

Description

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Solution(s)

  • amazon-linux-upgrade-kernel

References

  • ALAS-2022-1636
  • CVE-2022-36946
  • USN-5580-1
  • USN-5590-1
  • USN-5621-1
  • USN-5622-1
  • USN-5623-1
  • USN-5624-1
  • USN-5630-1
  • USN-5633-1
  • USN-5634-1
  • USN-5635-1
  • USN-5639-1
  • USN-5640-1
  • USN-5644-1
  • USN-5647-1
  • USN-5648-1
  • USN-5650-1
  • USN-5652-1
  • USN-5654-1
  • USN-5655-1
  • USN-5660-1
  • USN-5683-1
View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;