Linux Kernel privilege escalation | CVE-2022-25636
NAME
Linux Kernel privilege escalation
- Platforms Affected:
Linux Kernel 5.4
Linux Kernel 5.5
Linux Kernel 5.6.0
Linux Kernel 5.7.0
Linux Kernel 5.8.0
Linux Kernel 5.9
Linux Kernel 5.10
Linux Kernel 5.11
Linux Kernel 5.12
Linux Kernel 5.13
Linux Kernel 5.14
Linux Kernel 5.15
Linux Kernel 5.16 - Risk Level:
7.8 - Exploitability:
Proof of Concept - Consequences:
Gain Privileges
DESCRIPTION
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write in the nft_fwd_dup_netdev_offload function in nf_dup_netdev.c. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://seclists.org/oss-sec/2022/q1/152 - Reference Link:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
