net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
09 Sep 2022, 20:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/theori-io/CVE-2022-32250-exploit - Exploit, Third Party Advisory | |
References | (MISC) https://www.debian.org/security/2022/dsa-5161 - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/07/03/6 - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2092427 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/ - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/09/02/9 - Mailing List, Third Party Advisory | |
References | (MISC) https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/ - Exploit, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/07/03/5 - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5173 - Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/ - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/08/25/1 - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/20/1 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220715-0005/ - Third Party Advisory | |
CPE | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Fedoraproject fedora Netapp h300s Firmware Netapp h700s Firmware Netapp h410c Firmware Debian Netapp h500s Firmware Netapp h410c Netapp h500s Netapp h700s Netapp Netapp h300s Netapp h410s Debian debian Linux Netapp h410s Firmware |
02 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Aug 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Aug 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jul 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jul 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jun 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jun 2022, 02:27
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
References | (MISC) https://www.openwall.com/lists/oss-security/2022/05/31/1 - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/03/1 - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/04/1 - Mailing List, Patch, Third Party Advisory | |
First Time |
Linux
Linux linux Kernel |
|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
05 Jun 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-02 21:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-32250
Mitre link : CVE-2022-32250
CVE.ORG link : CVE-2022-32250
JSON object : View
Products Affected
netapp
- h500s
- h410c
- h700s_firmware
- h410s
- h500s_firmware
- h300s
- h700s
- h300s_firmware
- h410s_firmware
- h410c_firmware
linux
- linux_kernel
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-416
Use After Free