CVE-2022-1015: Out-of-bounds Write in Kernel

CWE-787: Out-of-bounds Write | 18 documents | 8 sources
Severity
6.6 MEDIUM (NVD)
OSV 4.6 | OSV 4.4
EPSS
1.5%
top 18.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 29
Latest update: Sep 15

Description

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Exploitability: 1.8 | Impact: 4.7

Affected Packages (11 packages)

NVD | linux/linux_kernel | < 5.16.18
Debian | linux/linux_kernel | < 5.16.18-1+2
Ubuntu | linux/linux_kernel | < 5.15.0-27.28+2
CVEListV5 | linux/linux_kernel | Kernel 5.16.18
debian | debian/linux | < linux 5.16.18-1 (bookworm)

Also affects: Fedora 35

🔴 Vulnerability Details (6)

OSV | Kernel Live Patch Security Notice | 2022-11-16
OSV | linux-raspi vulnerabilities | 2022-05-03
OSV | CVE-2022-1015: A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api | 2022-04-29
OSV | linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-kvm, linux-lowlatency vulnerabilities | 2022-04-26
OSV | linux-oem-5.14 vulnerabilities | 2022-04-20

📋 Vendor Advisories (10)

CISA ICS | Siemens TIM 1531 IRC | 2024-06-13
CISA ICS | Siemens SCALANCE XCM-/XRM-300 | 2024-02-15
Ubuntu | Kernel Live Patch Security Notice | 2022-11-16
Ubuntu | Linux kernel (Raspberry Pi) vulnerabilities | 2022-05-03
Ubuntu | Linux kernel vulnerabilities | 2022-04-26

📄 Research Papers (1)

arXiv | BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS | 2024-09-15