CVE-2022-34918

high-risk

Published 2022-07-04

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Do I need to act?

32.3% chance of exploitation in next 30 days

EPSS score — higher than 68% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (12)

Linux Kernel

Debian Linux

Ubuntu Linux

H300S Firmware

H500S Firmware

H700S Firmware

H410S Firmware

H410C Firmware

Affected Vendors

Debian Linux Canonical Netapp

References (20)

Third Party Advisory http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LS...

Exploit http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Ove...

Exploit http://www.openwall.com/lists/oss-security/2022/07/05/1

Mailing List http://www.openwall.com/lists/oss-security/2022/08/06/5

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1...

https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40r...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220826-0004/

Third Party Advisory https://www.debian.org/security/2022/dsa-5191

Exploit https://www.openwall.com/lists/oss-security/2022/07/02/3

Exploit https://www.randorisec.fr/crack-linux-firewall/