net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html | Third Party Advisory, VDB Entry |
http://www.openwall.com/lists/oss-security/2022/02/22/1 | Mailing List, Patch, Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6 | Patch, Vendor Advisory |
https://github.com/Bonfee/CVE-2022-25636 | Exploit, Third Party Advisory |
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ | Exploit, Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220325-0002/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5095 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/02/21/2 | Exploit, Mailing List, Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
History
09 Nov 2023, 13:57
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp h500e, Netapp h410c, Netapp h300e, Netapp h500s, Netapp h700s, Netapp h410s, Netapp h700e, Netapp h300s | |
CPE | cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:* |
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* |
24 Feb 2023, 15:29
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* |
|
First Time | Oracle communications Cloud Native Core Policy, Oracle communications Cloud Native Core Binding Support Function, Oracle, Oracle communications Cloud Native Core Network Exposure Function |
25 Jul 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2022, 20:39
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5095 - Third Party Advisory | |
References | (MISC) https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ - Exploit, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220325-0002/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html - Third Party Advisory | |
References | (MISC) https://github.com/Bonfee/CVE-2022-25636 - Exploit, Third Party Advisory | |
First Time | Debian debian Linux, Netapp baseboard Management Controller H410s, Debian, Netapp, Netapp baseboard Management Controller H500s, Netapp baseboard Management Controller H700e, Netapp baseboard Management Controller H700s, Netapp baseboard Management Controller H500e, Netapp baseboard Management Controller H410c, Netapp baseboard Management Controller H300e, Netapp baseboard Management Controller H300s | |
CPE | cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:* |
25 Mar 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Mar 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Mar 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Mar 2022, 17:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 17:35
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 6.9, v3 : 7.8 |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/02/22/1 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6 - Patch, Vendor Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2022/02/21/2 - Exploit, Mailing List, Third Party Advisory | |
CWE | CWE-269 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
First Time | Linux linux Kernel, Linux |
24 Feb 2022, 16:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-24 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25636
Mitre link : CVE-2022-25636
CVE.ORG link : CVE-2022-25636
Products Affected
debian
- debian_linux
netapp
- h700s
- h410c
- h410s
- h300e
- h500e
- h700e
- h500s
- h300s
oracle
- communications_cloud_native_core_policy
- communications_cloud_native_core_network_exposure_function
- communications_cloud_native_core_binding_support_function
linux
- linux_kernel
CWE
CWE-269
Improper Privilege Management