ESET Customer Advisory 2022-0005
February 24, 2022
ESET discovered a vulnerability in its business and server products for Linux. Fixed product versions are now available to download and ESET recommends that customers download and install them.
As part of an internal code review process, ESET discovered a potential use-after-free vulnerability in a kernel module of its business and server products for Linux. This vulnerability could, in theory, allow an attacker to trigger a denial-of-service condition on the system.
ESET fixed the vulnerability and prepared new builds of its products that are now available to download.
The CVE ID reserved by ESET for this vulnerability is CVE-2022-0615 with the following CVSS v3 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C.
To the best of our knowledge, there are no existing exploits that take advantage of this vulnerability in the wild.
ESET prepared the following fixed product versions that are not susceptible to the vulnerability and recommends that users update to them:
- ESET Endpoint Antivirus for Linux version 220.127.116.11
- ESET Endpoint Antivirus for Linux version 18.104.22.168
- ESET Server Security for Linux version 7.2.578.0
- ESET Server Security for Linux version 8.1.818.0
Affected programs and versions
The following product versions are susceptible to the vulnerability:
- ESET Endpoint Antivirus for Linux from version 22.214.171.124 to 126.96.36.199
- ESET Endpoint Antivirus for Linux from version 188.8.131.52 to 184.108.40.206
- ESET Server Security for Linux from version 7.2.463.0 to 7.2.574.0
- ESET Server Security for Linux from version 8.0.375.0 to 8.1.813.0
Feedback & Support
ESET discovered this vulnerability internally.
Version 1.0 (February 24, 2022): Initial version of this document