vulnerability
Red Hat: CVE-2022-2526: CVE-2022-2526 systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 2022-08-24 | 2022-08-26 | 2025-01-30 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
2022-08-24
Added
2022-08-26
Modified
2025-01-30
Description
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
Solution(s)
redhat-upgrade-libgudev1redhat-upgrade-libgudev1-develredhat-upgrade-systemdredhat-upgrade-systemd-containerredhat-upgrade-systemd-container-debuginforedhat-upgrade-systemd-debuginforedhat-upgrade-systemd-debugsourceredhat-upgrade-systemd-develredhat-upgrade-systemd-journal-gatewayredhat-upgrade-systemd-journal-remoteredhat-upgrade-systemd-journal-remote-debuginforedhat-upgrade-systemd-libsredhat-upgrade-systemd-libs-debuginforedhat-upgrade-systemd-networkdredhat-upgrade-systemd-pamredhat-upgrade-systemd-pam-debuginforedhat-upgrade-systemd-pythonredhat-upgrade-systemd-resolvedredhat-upgrade-systemd-sysvredhat-upgrade-systemd-testsredhat-upgrade-systemd-tests-debuginforedhat-upgrade-systemd-udevredhat-upgrade-systemd-udev-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.