CVE-2022-32250 - Vulnerability Details

CVE-2022-32250 - kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Linux	Linux Kernel
Netapp	H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500s H500s Firmware H700s H700s Firmware
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Extras Rt Rhel Tus Rhev Hypervisor

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.71.1.rt56.1212.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2022:5236	2022-06-28T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:5216	2022-06-28T00:00:00Z
kernel-0:3.10.0-1160.71.1.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:5232	2022-06-28T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.104.1.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2022:5806	2022-08-02T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
kernel-0:3.10.0-693.104.1.el7	cpe:/o:redhat:rhel_aus:7.4	RHSA-2022:5805	2022-08-02T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
kernel-0:3.10.0-957.95.1.el7	cpe:/o:redhat:rhel_aus:7.6	RHSA-2022:5802	2022-08-02T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
kernel-0:3.10.0-957.95.1.el7	cpe:/o:redhat:rhel_tus:7.6	RHSA-2022:5802	2022-08-02T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
kernel-0:3.10.0-957.95.1.el7	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2022:5802	2022-08-02T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2022:5804	2022-08-02T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
kernel-0:3.10.0-1062.68.1.el7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2022:6073	2022-08-16T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
kernel-0:3.10.0-1062.68.1.el7	cpe:/o:redhat:rhel_tus:7.7	RHSA-2022:6073	2022-08-16T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
kernel-0:3.10.0-1062.68.1.el7	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2022:6073	2022-08-16T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2022:6075	2022-08-16T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-372.19.1.rt7.176.el8_6	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2022:5834	2022-08-02T00:00:00Z
kernel-0:4.18.0-372.19.1.el8_6	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:5819	2022-08-03T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:5839	2022-08-03T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
kernel-0:4.18.0-147.70.1.el8_1	cpe:/o:redhat:rhel_e4s:8.1	RHSA-2022:5636	2022-07-19T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.1	RHSA-2022:5648	2022-07-19T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
kernel-rt-0:4.18.0-193.87.1.rt13.137.el8_2	cpe:/a:redhat:rhel_eus:8.2::nfv	RHSA-2022:5224	2022-06-28T00:00:00Z
kernel-0:4.18.0-193.87.1.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2022:5220	2022-06-28T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:8.2	RHSA-2022:5476	2022-07-01T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
kernel-rt-0:4.18.0-305.57.1.rt7.129.el8_4	cpe:/a:redhat:rhel_eus:8.4::nfv	RHSA-2022:5633	2022-07-19T00:00:00Z
kernel-0:4.18.0-305.57.1.el8_4	cpe:/o:redhat:rhel_eus:8.4	RHSA-2022:5626	2022-07-19T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:8.4	RHSA-2022:5641	2022-07-19T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-70.17.1.el9_0	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:5249	2022-07-01T00:00:00Z
kernel-rt-0:5.14.0-70.17.1.rt21.89.el9_0	cpe:/a:redhat:enterprise_linux:9::nfv	RHSA-2022:5267	2022-06-28T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:5214	2022-06-28T00:00:00Z
kernel-0:5.14.0-70.17.1.el9_0	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:5249	2022-07-01T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.23-20220622.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2022:5439	2022-07-01T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.19.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2022:5819	2022-08-03T00:00:00Z
redhat-virtualization-host-0:4.5.2-202209140405_8.6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2022:6551	2022-09-19T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/06/03/1
http://www.openwall.com/lists/oss-security/2022/06/04/1
http://www.openwall.com/lists/oss-security/2022/06/20/1
http://www.openwall.com/lists/oss-security/2022/07/03/5
http://www.openwall.com/lists/oss-security/2022/07/03/6
http://www.openwall.com/lists/oss-security/2022/08/25/1
http://www.openwall.com/lists/oss-security/2022/09/02/9
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
https://bugzilla.redhat.com/show_bug.cgi?id=2092427
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
https://github.com/theori-io/CVE-2022-32250-exploit
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/
https://nvd.nist.gov/vuln/detail/CVE-2022-32250
https://security.netapp.com/advisory/ntap-20220715-0005/
https://www.cve.org/CVERecord?id=CVE-2022-32250
https://www.debian.org/security/2022/dsa-5161
https://www.debian.org/security/2022/dsa-5173
https://www.openwall.com/lists/oss-security/2022/05/31/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-02T20:51:34

Updated: 2024-08-03T07:39:50.446Z

Reserved: 2022-06-02T00:00:00

Link: CVE-2022-32250

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-02T21:15:07.973

Modified: 2024-11-21T07:06:01.077

Link: CVE-2022-32250

Redhat

Severity : Important

Publid Date: 2022-05-31T00:00:00Z

Links: CVE-2022-32250 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-02T11:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd"}, {"name": "[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1"}, {"name": "[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.debian.org/security/2022/dsa-5161"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427"}, {"name": "[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1"}, {"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"name": "[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6"}, {"name": "[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5"}, {"name": "DSA-5173", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5173"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220715-0005/"}, {"name": "[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/theori-io/CVE-2022-32250-exploit"}, {"name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-32250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2022/05/31/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd"}, {"name": "[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1"}, {"name": "[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1"}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/"}, {"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/"}, {"name": "https://www.debian.org/security/2022/dsa-5161", "refsource": "MISC", "url": "https://www.debian.org/security/2022/dsa-5161"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427"}, {"name": "[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1"}, {"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"name": "[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6"}, {"name": "[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5"}, {"name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173"}, {"name": "https://security.netapp.com/advisory/ntap-20220715-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0005/"}, {"name": "[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1"}, {"name": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/", "refsource": "MISC", "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/"}, {"name": "https://github.com/theori-io/CVE-2022-32250-exploit", "refsource": "MISC", "url": "https://github.com/theori-io/CVE-2022-32250-exploit"}, {"name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:39:50.446Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd"}, {"name": "[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1"}, {"name": "[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5161"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427"}, {"name": "[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1"}, {"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"name": "[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6"}, {"name": "[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5"}, {"name": "DSA-5173", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5173"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220715-0005/"}, {"name": "[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/theori-io/CVE-2022-32250-exploit"}, {"name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-32250", "datePublished": "2022-06-02T20:51:34", "dateReserved": "2022-06-02T00:00:00", "dateUpdated": "2024-08-03T07:39:50.446Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EF4A158-12E0-4F0E-BC1B-6E0CB17693A1", "versionEndExcluding": "4.9.318", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6823775-2653-4644-A0D4-4E6E68F10C65", "versionEndExcluding": "4.14.283", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92818976-ECCC-4744-9287-E2CF4B2C4131", "versionEndExcluding": "5.10.120", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08D699AD-F4CE-4BDD-A97E-4997299C7712", "versionEndExcluding": "5.15.45", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "192FC54B-5367-49D6-B410-0285F14665B1", "versionEndExcluding": "5.17.13", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FF255A1-64F4-4E31-AF44-C92FB8773BA2", "versionEndExcluding": "5.18.2", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free."}, {"lang": "es", "value": "El archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones hasta 5.18.1, permite a un usuario local (capaz de crear espacios de nombres de usuario/red) escalar privilegios a root porque una comprobaci\u00f3n incorrecta de NFT_STATEFUL_EXPR conlleva a un uso de memoria previamente liberada"}], "id": "CVE-2022-32250", "lastModified": "2024-11-21T07:06:01.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-02T21:15:07.973", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/theori-io/CVE-2022-32250-exploit"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220715-0005/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5161"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5173"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/theori-io/CVE-2022-32250-exploit"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220715-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5236", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.71.1.rt56.1212.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5216", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5232", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.71.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5806", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.104.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5805", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.104.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5802", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.95.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5802", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.95.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5802", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.95.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5804", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:6073", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.68.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-08-16T00:00:00Z"}, {"advisory": "RHSA-2022:6073", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.68.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-08-16T00:00:00Z"}, {"advisory": "RHSA-2022:6073", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.68.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-08-16T00:00:00Z"}, {"advisory": "RHSA-2022:6075", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-08-16T00:00:00Z"}, {"advisory": "RHSA-2022:5834", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-372.19.1.rt7.176.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5819", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-372.19.1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-03T00:00:00Z"}, {"advisory": "RHSA-2022:5839", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-03T00:00:00Z"}, {"advisory": "RHSA-2022:5636", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.70.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5648", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5224", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.87.1.rt13.137.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5220", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.87.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5476", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5633", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.57.1.rt7.129.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5626", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.57.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5641", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5249", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-70.17.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5267", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-70.17.1.rt21.89.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5214", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5249", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-70.17.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5439", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.23-20220622.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5819", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.19.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-08-03T00:00:00Z"}, {"advisory": "RHSA-2022:6551", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.2-202209140405_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-09-19T00:00:00Z"}], "bugzilla": {"description": "kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root", "id": "2092427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.", "A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue."], "mitigation": {"lang": "en:us", "value": "In order to trigger the issue, it requires the ability to create user/net namespaces.\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled."}, "name": "CVE-2022-32250", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-32250\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32250\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd\nhttps://www.openwall.com/lists/oss-security/2022/05/31/1"], "statement": "The latest kernel in RHCOS is kernel-4.18.0-305.49.1.el8 which does not contain the vulnerable code and is not affected, also OCP v4.9 or earlier are not affected.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object