
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-0742 is a memory leak vulnerability in the ICMPv6 implementation of the Linux kernel, affecting versions 5.13 and above. The vulnerability was discovered in February 2022 and publicly disclosed on March 15, 2022. It affects the kernel's handling of ICMPv6 packets of type 130 or 131, which can lead to memory exhaustion (CVE Mitre, OpenWall).
The vulnerability exists in the ICMPv6 implementation, where the igmp6_event_query() and igmp6_event_report() functions might drop SKBs (socket buffers) in certain cases, leading to memory leaks. The issue was introduced by commit f185de28d9ae, which added new workqueues for processing MLD events. The vulnerability has a CVSS v3.1 score of 7.5 (High), indicating significant severity (NetApp Advisory, Kernel Commit).
When successfully exploited, this vulnerability allows a remote attacker to cause a Denial of Service (DoS) condition by driving the target system out of memory. The attack can be executed by flooding the target with ICMPv6 packets of type 130 or 131; notably, the volume of traffic required for successful exploitation does not need to be particularly high (OpenWall).
The vulnerability was fixed in Linux kernel commit 2d3916f3189172d5c69d33065c3c21119fe539fc. The fix was backported to various stable kernel versions, including 5.16.13 and 5.15.27. Users should upgrade to a kernel version that contains the fix. For Ubuntu users, fixes were released for version 5.13.0-37.42 in impish and other affected distributions (Ubuntu Security, Kernel Commit).
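Until a host is patched, the inbound rate of ICMPv6 type 130 and 131 packets is worth watching. The following is an added monitoring example, not code from this page or from the kernel project: it compares two snapshots of `/proc/net/snmp6` and flags a burst in the per-type counters. The snapshots are constructed sample data, and the threshold of 50 packets per second is an assumption to be tuned to the normal MLD traffic on the local link.

```python
"""Flag bursts of inbound ICMPv6 type 130/131 from /proc/net/snmp6 snapshots."""

WATCHED = ("Icmp6InType130", "Icmp6InType131")  # the two types named in the advisory

def parse_snmp6(text):
    """Return {counter_name: int} from /proc/net/snmp6-style 'name value' lines."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            counters[parts[0]] = int(parts[1])
    return counters

def mld_rates(before, after, seconds):
    """Per-second rate of each watched counter between two snapshots.

    The kernel omits per-type lines whose count is zero, so a missing key
    is treated as 0. A counter that went backwards (reboot or wrap) gives
    None instead of a bogus negative rate.
    """
    if seconds <= 0:
        raise ValueError("seconds must be positive")
    a, b = parse_snmp6(before), parse_snmp6(after)
    rates = {}
    for name in WATCHED:
        delta = b.get(name, 0) - a.get(name, 0)
        rates[name] = None if delta < 0 else delta / seconds
    return rates

def alerts(rates, threshold_pps=50.0):
    """Names of watched counters whose rate exceeds the (assumed) threshold."""
    return sorted(n for n, r in rates.items() if r is not None and r > threshold_pps)

# Constructed snapshots taken 10 seconds apart (not real captures).
SNAP_T0 = """Ip6InReceives                   \t1200
Icmp6InMsgs                     \t40
Icmp6InType130                  \t12
Icmp6InType135                  \t9
"""
SNAP_T10 = """Ip6InReceives                   \t9800
Icmp6InMsgs                     \t8440
Icmp6InType130                  \t4012
Icmp6InType131                  \t4400
Icmp6InType135                  \t10
"""

if __name__ == "__main__":
    r = mld_rates(SNAP_T0, SNAP_T10, 10)
    print(r, alerts(r))
```

On a live host, read `/proc/net/snmp6` twice at a known interval and pass both texts to `mld_rates`; a sustained alert alongside steadily falling available memory is the pattern the advisory describes.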
Source: This report was generated using AI