Rewterz Threat Advisory – Multiple Node.js marked module Vulnerabilities

January 17, 2022

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC-F Series

January 17, 2022

Rewterz Threat Advisory – CVE-2022-23222 – Linux Kernel Vulnerability

January 17, 2022

Severity

High

Analysis Summary

CVE-2022-23222

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation by the bpf verifier in kernel/bpf/verifier.c. By executing a specially-crafted eBPF program with certain *_OR_NULL pointer types, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute code in the context of the kernel.

Impact

Privilege Escalation

Affected Vendors

Linux

Affected Products

Linux Kernel 5.8.0
Linux Kernel 5.9
Linux Kernel 5.10
Linux Kernel 5.11

Remediation

Refer to Linux Kernel Advisory for patch, upgrade, or suggested workaround information.

https://www.kernel.org/

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Node.js marked module Vulnerabilities

Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC-F Series

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.