An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
07 Nov 2023, 03:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 May 2023, 11:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html - Third Party Advisory, VDB Entry |
26 Oct 2022, 17:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/08/06/5 - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5191 - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html - Exploit, Third Party Advisory | |
References | (MISC) https://www.randorisec.fr/crack-linux-firewall/ - Exploit, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220826-0004/ - Third Party Advisory | |
First Time |
Netapp h500s
Canonical ubuntu Linux Canonical Netapp h410s Firmware Debian Netapp h700s Netapp h300s Netapp h410c Netapp h410c Firmware Debian debian Linux Netapp Netapp h300s Firmware Netapp h700s Firmware Netapp h410s Netapp h500s Firmware |
28 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Aug 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Aug 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Aug 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jul 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2022, 14:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/07/05/1 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2022/07/02/3 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u - Exploit, Mailing List, Vendor Advisory | |
CWE | CWE-843 | |
First Time |
Linux
Linux linux Kernel |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
05 Jul 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-04 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-34918
Mitre link : CVE-2022-34918
CVE.ORG link : CVE-2022-34918
JSON object : View
Products Affected
netapp
- h410c_firmware
- h410c
- h410s
- h500s
- h700s
- h700s_firmware
- h410s_firmware
- h300s
- h300s_firmware
- h500s_firmware
canonical
- ubuntu_linux
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')