CVE-2022-28356: n/a in n/a
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
AI Analysis
Technical Summary
CVE-2022-28356 is a medium-severity vulnerability in Linux kernel versions prior to 5.17.1. The issue is a reference count leak in the net/llc/af_llc.c source file, which is part of the kernel's Logical Link Control (LLC) networking protocol implementation. A reference count leak occurs when the kernel fails to decrement a reference counter for an object, so the object is never released. Over time, this can exhaust kernel memory or other resources, potentially resulting in denial of service (DoS) conditions. The vulnerability does not directly impact confidentiality or integrity; it affects availability through resource depletion. The CVSS 3.1 base score is 5.5 (medium), with the vector indicating a local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). Exploitation requires local access with some privileges but no user interaction, making it a concern primarily for systems where untrusted local users or processes could trigger the leak. No known exploits in the wild have been reported, and no specific patch or vendor information is provided in the data, but the fix is included in Linux kernel version 5.17.1 and later. This vulnerability highlights the importance of maintaining up-to-date kernel versions to prevent resource exhaustion attacks via kernel networking subsystems.
Potential Impact
For European organizations, the primary impact of CVE-2022-28356 is the potential for denial of service on Linux-based systems that have not been updated to kernel version 5.17.1 or later. This can affect servers, network appliances, and embedded devices running vulnerable kernels, especially those exposed to untrusted local users or processes, such as multi-tenant environments, shared hosting, or containerized platforms. Availability degradation could disrupt critical services, including web hosting, internal applications, and network infrastructure components. While the vulnerability does not compromise data confidentiality or integrity, service interruptions can lead to operational downtime, financial losses, and reputational damage. Organizations relying heavily on Linux for networking or server infrastructure should be aware of this risk, particularly in sectors like finance, telecommunications, and critical infrastructure where high availability is essential. The absence of known exploits reduces immediate risk, but the medium severity and ease of local exploitation warrant proactive mitigation.
Mitigation Recommendations
European organizations should prioritize updating all Linux systems to kernel version 5.17.1 or later, where the vulnerability has been addressed. For environments where immediate kernel upgrades are not feasible, organizations should implement strict access controls to limit local user privileges and restrict untrusted code execution on affected systems. Monitoring kernel resource usage and setting alerts for unusual memory or reference count anomalies can help detect exploitation attempts early. Employing containerization and sandboxing can isolate vulnerable components and reduce the attack surface. Additionally, organizations should maintain an inventory of Linux kernel versions in use across their infrastructure to identify and remediate vulnerable instances promptly. Regular vulnerability scanning and patch management processes should include checks for this CVE. Finally, reviewing and hardening network protocol usage, especially LLC-related configurations, can further reduce exposure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-04-02T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981ec4522896dcbdc150
Added to database: 5/21/2025, 9:08:46 AM
Last enriched: 7/6/2025, 11:54:34 PM
Last updated: 8/5/2025, 12:49:12 PM