CVE-2022-32250 — Use After Free in Kernel

CWE-416 — Use After Free CWE-843 — Type Confusion CWE-1025 — Comparison Using Wrong Factors20 documents10 sources

Severity

7.8HIGHNVD

EPSS

1.9%

top 16.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +7 more

Timeline

PublishedJun 2

Latest updateOct 25

Description

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDlinux/linux_kernel4.1 — 4.14.316+13

▶Debianlinux/linux_kernel< 5.10.127-2+7

▶debiandebian/linux< linux 5.18.2-1 (bookworm)+1

▶msrcmsrc/cbl2_kernel_5.15.45.1-2_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_kernel_5.15.55.1-1_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0, 11.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04, Fedora 35, 36

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-9v26-h3ph-p8v7: An issue was discovered in the Linux kernel through 5↗2022-07-05

▶

OSV

CVE-2022-34918: An issue was discovered in the Linux kernel through 5↗2022-07-04

▶

GHSA

GHSA-rv6g-4442-j26r: net/netfilter/nf_tables_api↗2022-06-03

▶

OSV

CVE-2022-32250: net/netfilter/nf_tables_api↗2022-06-02

▶

VulnCheck

Linux Kernel Access of Resource Using Incompatible Type ('Type Confusion')↗2022

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

CISA ICS

Siemens SIMATIC S7-1500 TM MFP Linux Kernel↗2023-06-15

▶

Microsoft

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges a differen↗2022-07-12

▶

Red Hat

kernel: heap overflow in nft_set_elem_init()↗2022-07-02

▶

📄Research Papers

arXiv

PortGPT: Towards Automated Backporting Using Large Language Models↗2025-10-25

▶

arXiv

KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities↗2024-09-24

▶

arXiv

S2malloc: Statistically Secure Allocator for Use-After-Free Protection And More↗2024-05-29

▶