Critical security vulnerability in Linux kernels prior to 5.15.61 (score of 10)

A security vulnerability with a CRITICAL severity level (score of 10) has been reported in Linux kernels prior to 5.15.61.

The exploitation of this vulnerability (CVE-2022-47939) can allow an attacker to execute remote commands on the attacked system. Note that the attacker does not need to be authenticated to exploit the vulnerability.

Vulnerable versions

- Linux kernels prior to 5.15.61 only.

Considerations on the vulnerabilities with a score of 10

The score of the vulnerability being very high (10 is the maximum score), it means that

• The vulnerability can be exploited remotely.
• No authentication is required to exploit the vulnerability.
• The attacker does not need to know the password of the attacked server.
• The vulnerability can be easily exploited.
• There are probably attack exploits available for free download
• The impacts can be HIGH
• The types of malicious code that can be remotely executed to exploit such a vulnerability include (but are not limited to): ransomware, remote takeover tool, etc.

It is therefore urgent to fix this vulnerability.


Mitigation

The patch for the vulnerability can be found here.

If you are using a vulnerable Linux version that you cannot fix (for whatever reason), please contact us so that we can propose compensatory measures.

How can Streamscan help you?

Cyber attacks are happening all the time. Without continuous security monitoring, you have no insights into the attacks impacting you. You can't protect yourself from what you can't see.

Let us give clear insights into your network. Join our MDR managed monitoring platform powered by our CDS cyber threat detection technology and keep yourself safe from cyberattacks.

- Contact us at +1 877 208-9040 or talk to one of our experts.