An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 4.1 (including) | 4.14.316 (excluding) |
Linux_kernel | Linux | 4.15 (including) | 4.19.284 (excluding) |
Linux_kernel | Linux | 4.20 (including) | 5.4.244 (excluding) |
Linux_kernel | Linux | 5.5 (including) | 5.10.130 (excluding) |
Linux_kernel | Linux | 5.11 (including) | 5.15.54 (excluding) |
Linux_kernel | Linux | 5.16 (including) | 5.18.11 (excluding) |
Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-70.26.1.el9_0 | * |
Red Hat Enterprise Linux 9 | RedHat | kernel-rt-0:5.14.0-70.26.1.rt21.98.el9_0 | * |
Red Hat Enterprise Linux 9 | RedHat | kpatch-patch | * |
Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-70.26.1.el9_0 | * |
Linux | Ubuntu | bionic | * |
Linux | Ubuntu | esm-infra/xenial | * |
Linux | Ubuntu | focal | * |
Linux | Ubuntu | impish | * |
Linux | Ubuntu | jammy | * |
Linux | Ubuntu | upstream | * |
Linux | Ubuntu | xenial | * |
Linux-allwinner | Ubuntu | upstream | * |
Linux-allwinner-5.19 | Ubuntu | upstream | * |
Linux-aws | Ubuntu | bionic | * |
Linux-aws | Ubuntu | esm-infra/xenial | * |
Linux-aws | Ubuntu | focal | * |
Linux-aws | Ubuntu | impish | * |
Linux-aws | Ubuntu | jammy | * |
Linux-aws | Ubuntu | trusty | * |
Linux-aws | Ubuntu | trusty/esm | * |
Linux-aws | Ubuntu | upstream | * |
Linux-aws | Ubuntu | xenial | * |
Linux-aws-5.0 | Ubuntu | bionic | * |
Linux-aws-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.0 | Ubuntu | upstream | * |
Linux-aws-5.11 | Ubuntu | focal | * |
Linux-aws-5.11 | Ubuntu | upstream | * |
Linux-aws-5.13 | Ubuntu | focal | * |
Linux-aws-5.13 | Ubuntu | upstream | * |
Linux-aws-5.15 | Ubuntu | focal | * |
Linux-aws-5.15 | Ubuntu | upstream | * |
Linux-aws-5.19 | Ubuntu | upstream | * |
Linux-aws-5.3 | Ubuntu | bionic | * |
Linux-aws-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.3 | Ubuntu | upstream | * |
Linux-aws-5.4 | Ubuntu | bionic | * |
Linux-aws-5.4 | Ubuntu | upstream | * |
Linux-aws-5.8 | Ubuntu | focal | * |
Linux-aws-5.8 | Ubuntu | upstream | * |
Linux-aws-6.2 | Ubuntu | upstream | * |
Linux-aws-6.5 | Ubuntu | upstream | * |
Linux-aws-6.8 | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | fips-updates/bionic | * |
Linux-aws-fips | Ubuntu | fips-updates/focal | * |
Linux-aws-fips | Ubuntu | fips/bionic | * |
Linux-aws-fips | Ubuntu | fips/focal | * |
Linux-aws-fips | Ubuntu | trusty | * |
Linux-aws-fips | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | xenial | * |
Linux-aws-hwe | Ubuntu | esm-infra/xenial | * |
Linux-aws-hwe | Ubuntu | upstream | * |
Linux-aws-hwe | Ubuntu | xenial | * |
Linux-azure | Ubuntu | bionic | * |
Linux-azure | Ubuntu | esm-infra/bionic | * |
Linux-azure | Ubuntu | esm-infra/xenial | * |
Linux-azure | Ubuntu | focal | * |
Linux-azure | Ubuntu | impish | * |
Linux-azure | Ubuntu | jammy | * |
Linux-azure | Ubuntu | trusty | * |
Linux-azure | Ubuntu | trusty/esm | * |
Linux-azure | Ubuntu | upstream | * |
Linux-azure | Ubuntu | xenial | * |
Linux-azure-4.15 | Ubuntu | bionic | * |
Linux-azure-4.15 | Ubuntu | upstream | * |
Linux-azure-5.11 | Ubuntu | focal | * |
Linux-azure-5.11 | Ubuntu | upstream | * |
Linux-azure-5.13 | Ubuntu | focal | * |
Linux-azure-5.13 | Ubuntu | upstream | * |
Linux-azure-5.15 | Ubuntu | focal | * |
Linux-azure-5.15 | Ubuntu | upstream | * |
Linux-azure-5.19 | Ubuntu | upstream | * |
Linux-azure-5.3 | Ubuntu | bionic | * |
Linux-azure-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-azure-5.3 | Ubuntu | upstream | * |
Linux-azure-5.4 | Ubuntu | bionic | * |
Linux-azure-5.4 | Ubuntu | upstream | * |
Linux-azure-5.8 | Ubuntu | focal | * |
Linux-azure-5.8 | Ubuntu | upstream | * |
Linux-azure-6.2 | Ubuntu | upstream | * |
Linux-azure-6.5 | Ubuntu | upstream | * |
Linux-azure-6.8 | Ubuntu | upstream | * |
Linux-azure-edge | Ubuntu | bionic | * |
Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
Linux-azure-edge | Ubuntu | upstream | * |
Linux-azure-fde | Ubuntu | focal | * |
Linux-azure-fde | Ubuntu | upstream | * |
Linux-azure-fde-5.15 | Ubuntu | upstream | * |
Linux-azure-fde-5.19 | Ubuntu | upstream | * |
Linux-azure-fde-6.2 | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | fips-updates/bionic | * |
Linux-azure-fips | Ubuntu | fips-updates/focal | * |
Linux-azure-fips | Ubuntu | fips/bionic | * |
Linux-azure-fips | Ubuntu | fips/focal | * |
Linux-azure-fips | Ubuntu | trusty | * |
Linux-azure-fips | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | xenial | * |
Linux-bluefield | Ubuntu | focal | * |
Linux-bluefield | Ubuntu | upstream | * |
Linux-dell300x | Ubuntu | bionic | * |
Linux-dell300x | Ubuntu | upstream | * |
Linux-fips | Ubuntu | fips-updates/bionic | * |
Linux-fips | Ubuntu | fips-updates/focal | * |
Linux-fips | Ubuntu | fips-updates/xenial | * |
Linux-fips | Ubuntu | fips/bionic | * |
Linux-fips | Ubuntu | fips/focal | * |
Linux-fips | Ubuntu | fips/xenial | * |
Linux-fips | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | bionic | * |
Linux-gcp | Ubuntu | esm-infra/bionic | * |
Linux-gcp | Ubuntu | esm-infra/xenial | * |
Linux-gcp | Ubuntu | focal | * |
Linux-gcp | Ubuntu | impish | * |
Linux-gcp | Ubuntu | jammy | * |
Linux-gcp | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | xenial | * |
Linux-gcp-4.15 | Ubuntu | bionic | * |
Linux-gcp-4.15 | Ubuntu | upstream | * |
Linux-gcp-5.11 | Ubuntu | focal | * |
Linux-gcp-5.11 | Ubuntu | upstream | * |
Linux-gcp-5.13 | Ubuntu | focal | * |
Linux-gcp-5.13 | Ubuntu | upstream | * |
Linux-gcp-5.15 | Ubuntu | focal | * |
Linux-gcp-5.15 | Ubuntu | upstream | * |
Linux-gcp-5.19 | Ubuntu | upstream | * |
Linux-gcp-5.3 | Ubuntu | bionic | * |
Linux-gcp-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-gcp-5.3 | Ubuntu | upstream | * |
Linux-gcp-5.4 | Ubuntu | bionic | * |
Linux-gcp-5.4 | Ubuntu | upstream | * |
Linux-gcp-5.8 | Ubuntu | focal | * |
Linux-gcp-5.8 | Ubuntu | upstream | * |
Linux-gcp-6.2 | Ubuntu | upstream | * |
Linux-gcp-6.5 | Ubuntu | upstream | * |
Linux-gcp-6.8 | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | fips-updates/bionic | * |
Linux-gcp-fips | Ubuntu | fips-updates/focal | * |
Linux-gcp-fips | Ubuntu | fips/bionic | * |
Linux-gcp-fips | Ubuntu | fips/focal | * |
Linux-gcp-fips | Ubuntu | trusty | * |
Linux-gcp-fips | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | xenial | * |
Linux-gke | Ubuntu | focal | * |
Linux-gke | Ubuntu | jammy | * |
Linux-gke | Ubuntu | upstream | * |
Linux-gke | Ubuntu | xenial | * |
Linux-gke-4.15 | Ubuntu | bionic | * |
Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
Linux-gke-4.15 | Ubuntu | upstream | * |
Linux-gke-5.0 | Ubuntu | bionic | * |
Linux-gke-5.0 | Ubuntu | upstream | * |
Linux-gke-5.15 | Ubuntu | focal | * |
Linux-gke-5.15 | Ubuntu | upstream | * |
Linux-gke-5.3 | Ubuntu | bionic | * |
Linux-gke-5.3 | Ubuntu | upstream | * |
Linux-gke-5.4 | Ubuntu | bionic | * |
Linux-gke-5.4 | Ubuntu | upstream | * |
Linux-gkeop | Ubuntu | focal | * |
Linux-gkeop | Ubuntu | jammy | * |
Linux-gkeop | Ubuntu | upstream | * |
Linux-gkeop-5.15 | Ubuntu | upstream | * |
Linux-gkeop-5.4 | Ubuntu | bionic | * |
Linux-gkeop-5.4 | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | bionic | * |
Linux-hwe | Ubuntu | esm-infra/bionic | * |
Linux-hwe | Ubuntu | esm-infra/xenial | * |
Linux-hwe | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | xenial | * |
Linux-hwe-5.11 | Ubuntu | focal | * |
Linux-hwe-5.11 | Ubuntu | upstream | * |
Linux-hwe-5.13 | Ubuntu | focal | * |
Linux-hwe-5.13 | Ubuntu | upstream | * |
Linux-hwe-5.15 | Ubuntu | focal | * |
Linux-hwe-5.15 | Ubuntu | upstream | * |
Linux-hwe-5.19 | Ubuntu | upstream | * |
Linux-hwe-5.4 | Ubuntu | bionic | * |
Linux-hwe-5.4 | Ubuntu | upstream | * |
Linux-hwe-5.8 | Ubuntu | focal | * |
Linux-hwe-5.8 | Ubuntu | upstream | * |
Linux-hwe-6.2 | Ubuntu | upstream | * |
Linux-hwe-6.5 | Ubuntu | upstream | * |
Linux-hwe-6.8 | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
Linux-hwe-edge | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | xenial | * |
Linux-ibm | Ubuntu | focal | * |
Linux-ibm | Ubuntu | jammy | * |
Linux-ibm | Ubuntu | upstream | * |
Linux-ibm-5.15 | Ubuntu | upstream | * |
Linux-ibm-5.4 | Ubuntu | bionic | * |
Linux-ibm-5.4 | Ubuntu | upstream | * |
Linux-intel | Ubuntu | upstream | * |
Linux-intel-5.13 | Ubuntu | focal | * |
Linux-intel-5.13 | Ubuntu | upstream | * |
Linux-intel-iot-realtime | Ubuntu | upstream | * |
Linux-intel-iotg | Ubuntu | jammy | * |
Linux-intel-iotg | Ubuntu | upstream | * |
Linux-intel-iotg-5.15 | Ubuntu | focal | * |
Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
Linux-iot | Ubuntu | focal | * |
Linux-iot | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | bionic | * |
Linux-kvm | Ubuntu | esm-infra/xenial | * |
Linux-kvm | Ubuntu | focal | * |
Linux-kvm | Ubuntu | impish | * |
Linux-kvm | Ubuntu | jammy | * |
Linux-kvm | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | xenial | * |
Linux-laptop | Ubuntu | upstream | * |
Linux-lowlatency | Ubuntu | jammy | * |
Linux-lowlatency | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.15 | Ubuntu | focal | * |
Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.19 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.2 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.5 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
Linux-lts-xenial | Ubuntu | trusty | * |
Linux-lts-xenial | Ubuntu | trusty/esm | * |
Linux-lts-xenial | Ubuntu | upstream | * |
Linux-nvidia | Ubuntu | upstream | * |
Linux-nvidia-6.2 | Ubuntu | upstream | * |
Linux-nvidia-6.5 | Ubuntu | upstream | * |
Linux-nvidia-6.8 | Ubuntu | upstream | * |
Linux-nvidia-lowlatency | Ubuntu | upstream | * |
Linux-oem | Ubuntu | bionic | * |
Linux-oem | Ubuntu | esm-infra/bionic | * |
Linux-oem | Ubuntu | upstream | * |
Linux-oem | Ubuntu | xenial | * |
Linux-oem-5.10 | Ubuntu | focal | * |
Linux-oem-5.10 | Ubuntu | upstream | * |
Linux-oem-5.13 | Ubuntu | focal | * |
Linux-oem-5.13 | Ubuntu | upstream | * |
Linux-oem-5.14 | Ubuntu | focal | * |
Linux-oem-5.14 | Ubuntu | upstream | * |
Linux-oem-5.17 | Ubuntu | jammy | * |
Linux-oem-5.17 | Ubuntu | kinetic | * |
Linux-oem-5.17 | Ubuntu | upstream | * |
Linux-oem-5.6 | Ubuntu | focal | * |
Linux-oem-5.6 | Ubuntu | upstream | * |
Linux-oem-6.0 | Ubuntu | upstream | * |
Linux-oem-6.1 | Ubuntu | upstream | * |
Linux-oem-6.11 | Ubuntu | upstream | * |
Linux-oem-6.5 | Ubuntu | upstream | * |
Linux-oem-6.8 | Ubuntu | upstream | * |
Linux-oem-osp1 | Ubuntu | bionic | * |
Linux-oem-osp1 | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | bionic | * |
Linux-oracle | Ubuntu | esm-infra/xenial | * |
Linux-oracle | Ubuntu | focal | * |
Linux-oracle | Ubuntu | impish | * |
Linux-oracle | Ubuntu | jammy | * |
Linux-oracle | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | xenial | * |
Linux-oracle-5.0 | Ubuntu | bionic | * |
Linux-oracle-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.0 | Ubuntu | upstream | * |
Linux-oracle-5.11 | Ubuntu | focal | * |
Linux-oracle-5.11 | Ubuntu | upstream | * |
Linux-oracle-5.13 | Ubuntu | focal | * |
Linux-oracle-5.13 | Ubuntu | upstream | * |
Linux-oracle-5.15 | Ubuntu | focal | * |
Linux-oracle-5.15 | Ubuntu | upstream | * |
Linux-oracle-5.3 | Ubuntu | bionic | * |
Linux-oracle-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.3 | Ubuntu | upstream | * |
Linux-oracle-5.4 | Ubuntu | bionic | * |
Linux-oracle-5.4 | Ubuntu | upstream | * |
Linux-oracle-5.8 | Ubuntu | focal | * |
Linux-oracle-5.8 | Ubuntu | upstream | * |
Linux-oracle-6.5 | Ubuntu | upstream | * |
Linux-oracle-6.8 | Ubuntu | upstream | * |
Linux-raspi | Ubuntu | focal | * |
Linux-raspi | Ubuntu | impish | * |
Linux-raspi | Ubuntu | jammy | * |
Linux-raspi | Ubuntu | upstream | * |
Linux-raspi-5.4 | Ubuntu | bionic | * |
Linux-raspi-5.4 | Ubuntu | upstream | * |
Linux-raspi-realtime | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | bionic | * |
Linux-raspi2 | Ubuntu | focal | * |
Linux-raspi2 | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | xenial | * |
Linux-raspi2-5.3 | Ubuntu | bionic | * |
Linux-raspi2-5.3 | Ubuntu | upstream | * |
Linux-realtime | Ubuntu | jammy | * |
Linux-realtime | Ubuntu | realtime/jammy | * |
Linux-realtime | Ubuntu | upstream | * |
Linux-riscv | Ubuntu | focal | * |
Linux-riscv | Ubuntu | impish | * |
Linux-riscv | Ubuntu | jammy | * |
Linux-riscv | Ubuntu | upstream | * |
Linux-riscv-5.11 | Ubuntu | focal | * |
Linux-riscv-5.11 | Ubuntu | upstream | * |
Linux-riscv-5.15 | Ubuntu | focal | * |
Linux-riscv-5.15 | Ubuntu | upstream | * |
Linux-riscv-5.19 | Ubuntu | upstream | * |
Linux-riscv-5.8 | Ubuntu | focal | * |
Linux-riscv-5.8 | Ubuntu | upstream | * |
Linux-riscv-6.5 | Ubuntu | upstream | * |
Linux-riscv-6.8 | Ubuntu | upstream | * |
Linux-snapdragon | Ubuntu | bionic | * |
Linux-snapdragon | Ubuntu | upstream | * |
Linux-snapdragon | Ubuntu | xenial | * |
Linux-starfive | Ubuntu | upstream | * |
Linux-starfive-5.19 | Ubuntu | upstream | * |
Linux-starfive-6.2 | Ubuntu | upstream | * |
Linux-starfive-6.5 | Ubuntu | upstream | * |
Linux-xilinx-zynqmp | Ubuntu | upstream | * |
When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access. While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways. This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues.