Vulnerability Details : CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2022-32250
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-32250
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
nvd@nist.gov |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
nvd@nist.gov |
CWE ids for CVE-2022-32250
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-32250
-
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
[SECURITY] [DLA 3065-1] linux security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/
[SECURITY] Fedora 35 Update: kernel-5.17.13-200.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://github.com/theori-io/CVE-2022-32250-exploit
GitHub - theori-io/CVE-2022-32250-exploitExploit;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/06/20/1
oss-security - Re: Linux Kernel use-after-free write in netfilterMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/07/03/6
oss-security - Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?Mailing List;Third Party Advisory
-
https://www.debian.org/security/2022/dsa-5161
Debian -- Security Information -- DSA-5161-1 linuxThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/06/04/1
oss-security - Re: Linux Kernel use-after-free write in netfilterMailing List;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20220715-0005/
CVE-2022-32250 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/08/25/1
oss-security - Re: Linux Kernel use-after-free write in netfilterMailing List;Patch;Third Party Advisory
-
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
Linux Kernel Exploit (CVE-2022-32250) with mqueue | TheoriExploit;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/09/02/9
oss-security - Re: Linux Kernel use-after-free write in netfilterMailing List;Third Party Advisory
-
https://www.openwall.com/lists/oss-security/2022/05/31/1
oss-security - Linux Kernel use-after-free write in netfilterExploit;Mailing List;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/06/03/1
oss-security - Re: Linux Kernel use-after-free write in netfilterExploit;Mailing List;Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/
[SECURITY] Fedora 36 Update: kernel-5.17.13-300.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/07/03/5
oss-security - Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2092427
2092427 – (CVE-2022-1966) CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to rootIssue Tracking;Third Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
kernel/git/netdev/net.git - Netdev Group's networking treeMailing List;Patch;Vendor Advisory
-
https://www.debian.org/security/2022/dsa-5173
Debian -- Security Information -- DSA-5173-1 linuxThird Party Advisory
Products affected by CVE-2022-32250
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*