CVE-2022-25636

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	5.4 (including)	5.4.182 (excluding)
Linux_kernel	Linux	5.5 (including)	5.10.103 (excluding)
Linux_kernel	Linux	5.11 (including)	5.15.26 (excluding)
Linux_kernel	Linux	5.16 (including)	5.16.12 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html
http://www.openwall.com/lists/oss-security/2022/02/22/1
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6
https://github.com/Bonfee/CVE-2022-25636
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
https://security.netapp.com/advisory/ntap-20220325-0002/
https://www.debian.org/security/2022/dsa-5095
https://www.openwall.com/lists/oss-security/2022/02/21/2
https://www.oracle.com/security-alerts/cpujul2022.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-25636
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References