Vulnerability Details : CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Vulnerability category: Memory Corruption
Products affected by CVE-2022-32250
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-32250
- 0.19%: Probability of exploitation activity in the next 30 days
- ~ 57%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-32250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2022-32250
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-32250
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
  [SECURITY] [DLA 3065-1] linux security update (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/
  [SECURITY] Fedora 35 Update: kernel-5.17.13-200.fc35 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/theori-io/CVE-2022-32250-exploit
  GitHub - theori-io/CVE-2022-32250-exploit (Exploit; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/06/20/1
  oss-security - Re: Linux Kernel use-after-free write in netfilter (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/07/03/6
  oss-security - Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2022/dsa-5161
  Debian -- Security Information -- DSA-5161-1 linux (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/06/04/1
  oss-security - Re: Linux Kernel use-after-free write in netfilter (Mailing List; Patch; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20220715-0005/
  CVE-2022-32250 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/08/25/1
  oss-security - Re: Linux Kernel use-after-free write in netfilter (Mailing List; Patch; Third Party Advisory)
- https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
  Linux Kernel Exploit (CVE-2022-32250) with mqueue | Theori (Exploit; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/09/02/9
  oss-security - Re: Linux Kernel use-after-free write in netfilter (Mailing List; Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2022/05/31/1
  oss-security - Linux Kernel use-after-free write in netfilter (Exploit; Mailing List; Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/06/03/1
  oss-security - Re: Linux Kernel use-after-free write in netfilter (Exploit; Mailing List; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/
  [SECURITY] Fedora 36 Update: kernel-5.17.13-300.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/07/03/5
  oss-security - Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250? (Mailing List; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2092427
  2092427 – (CVE-2022-1966) CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (Issue Tracking; Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
  kernel/git/netdev/net.git - Netdev Group's networking tree (Mailing List; Patch; Vendor Advisory)
- https://www.debian.org/security/2022/dsa-5173
  Debian -- Security Information -- DSA-5173-1 linux (Third Party Advisory)