Severity Rating: HIGH
Software Affected
F5 BIG-IP (all modules) versions (17.0.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.8, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5)
BIG-IQ Centralized Management versions (7.0.0 - 7.1.0, 8.0.0 - 8.2.0)
Traffix SDC versions (5.1.0, 5.2.0)
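A way to triage an inventory against the ranges listed above, as an added example that is not part of the advisory or of any F5 tooling. The hostnames and installed versions are constructed, and comparing only the first three version components (so a point release such as 16.1.2.1 counts as 16.1.2) is an assumption.

```python
import re

# Affected ranges copied from the "Software Affected" list above.
AFFECTED = {
    "BIG-IP": "17.0.0, 16.1.0 - 16.1.3, 15.1.0 - 15.1.8, 14.1.0 - 14.1.5, 13.1.0 - 13.1.5",
    "BIG-IQ Centralized Management": "7.0.0 - 7.1.0, 8.0.0 - 8.2.0",
    "Traffix SDC": "5.1.0, 5.2.0",
}


def parse_version(text):
    """Return the first three numeric components, e.g. '15.1.10' -> (15, 1, 10)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not an x.y.z version: {text!r}")
    return tuple(int(p) for p in m.groups())


def parse_ranges(spec):
    """Turn 'a - b, c' into [(low, high), ...]; a single version is a range of one."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.partition(" - ")
        ranges.append((parse_version(low), parse_version(high or low)))
    return ranges


def is_listed(product, version):
    """True if version falls inside a range the advisory lists for product."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in parse_ranges(AFFECTED[product]))


def triage(inventory):
    """Return the hostnames whose product/version pair is listed as affected."""
    return [host for host, product, version in inventory if is_listed(product, version)]


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("lb-edge-01", "BIG-IP", "15.1.8"),
    ("lb-edge-02", "BIG-IP", "15.1.10"),   # numerically above 15.1.8, so not listed
    ("lb-core-01", "BIG-IP", "16.1.2.1"),  # point release inside 16.1.0 - 16.1.3
    ("iq-mgmt-01", "BIG-IQ Centralized Management", "8.3.0"),
    ("sdc-01", "Traffix SDC", "5.2.0"),
]

if __name__ == "__main__":
    print("listed as affected:", triage(INVENTORY))
```

A version outside the listed ranges is only "not listed here"; the vendor advisory remains the reference for fixed releases.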
Overview
A vulnerability has been reported in F5 products which may allow an authenticated attacker to access sensitive information, manipulate data and cause a denial of service condition on the targeted system.
Description
This vulnerability exists in F5 products due to a flaw in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. An attacker could exploit this vulnerability by persuading a victim to visit a specially crafted request.
Successful exploitation of this vulnerability may allow an authenticated attacker to access sensitive information, manipulate data and cause a denial of service condition on the targeted system.
Solution
Apply the appropriate update as mentioned by the vendor.
Vendor Information
F5 Products
References
F5 Products
CVE Name
CVE-2022-0492
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.