[SRU][OEM-5.14/Jammy/OEM-5.17][PATCH 0/1] CVE-2022-34918
Cengiz Can
cengiz.can at canonical.com
Wed Jul 6 15:24:49 UTC 2022
[Impact]
An issue was discovered in the Linux kernel through 5.18.9. A type
confusion bug in nft_set_elem_init (leading to a buffer overflow) could
be used by a local attacker to escalate privileges, a different
vulnerability than CVE-2022-32250. (The attacker can obtain root access,
but must start with an unprivileged user namespace to obtain
CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in
net/netfilter/nf_tables_api.c.
[Fix]
The fix was cherry-picked from the net tree.
[Test case]
A publicly shared PoC was tested with `slub_debug=FZP`.
Made sure that the PoC is no longer applicable after the patch.
[Potential regression]
Unknown.
Pablo Neira Ayuso (1):
netfilter: nf_tables: stricter validation of element data
net/netfilter/nf_tables_api.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--
2.34.1