CVE-2022-25636 — Improper Privilege Management in Kernel

CWE-269 — Improper Privilege Management CWE-787 — Out-of-bounds Write20 documents11 sources

Severity

7.8HIGHNVD

OSV6.5

EPSS

0.4%

top 41.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +4 more

Timeline

PublishedFeb 24

Latest updateSep 15

Description

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDlinux/linux_kernel5.4 — 5.4.182+3

▶Debianlinux/linux_kernel< 5.10.103-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-104.118+3

▶debiandebian/linux< linux 5.16.11-1 (bookworm)

▶Palo Altopaloalto/pan-os

Also affects: Debian Linux 11.0

Patches

Patch: www.openwall.com ↗Patch: git.kernel.org ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

Kernel

security, lsm: Introduce security_create_user_ns()↗2022-08-15

▶

OSV

linux-intel-5.13 vulnerabilities↗2022-04-01

▶

OSV

Kernel Live Patch Security Notice↗2022-03-23

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-↗2022-03-09

▶

OSV

linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities↗2022-03-09

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Oracle

Oracle Oracle Communications Risk Matrix: Oracle Linux — CVE-2022-25636↗2022-07-15

▶

Ubuntu

Linux kernel (Intel IOTG) vulnerabilities↗2022-04-01

▶

Ubuntu

Kernel Live Patch Security Notice↗2022-03-23

▶

Ubuntu

Linux kernel vulnerabilities↗2022-03-09

▶

📄Research Papers

arXiv

BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS↗2024-09-15

▶

arXiv

Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems↗2024-09-07

▶

arXiv

One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices↗2024-03-12

▶