CVE-2022-34918

CWE-843CWE-102520 documents10 sources
Severity
7.8HIGH
EPSS
32.3%
top 3.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux Linux KernelCanonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedJul 4
Latest updateAug 25

Description

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel4.14.14.316+5
Debianlinux< 5.10.127-2+3
Ubuntulinux-azure-fde< 5.4.0-1089.94+cvm1.2

Also affects: Debian Linux 11.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

6
OSV
linux-azure-fde vulnerabilities2022-08-25
Kernel
security, lsm: Introduce security_create_user_ns()2022-08-15
GHSA
GHSA-9v26-h3ph-p8v7: An issue was discovered in the Linux kernel through 52022-07-05
OSV
CVE-2022-34918: An issue was discovered in the Linux kernel through 52022-07-04
CVEList
CVE-2022-34918: An issue was discovered in the Linux kernel through 52022-07-04

📋Vendor Advisories

13
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2022-08-25
Ubuntu
Kernel Live Patch Security Notice2022-08-24
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2022-08-10
Ubuntu
Linux kernel vulnerabilities2022-08-10
Ubuntu
Linux kernel vulnerabilities2022-08-10
CVE-2022-34918 (HIGH CVSS 7.8) | An issue was discovered in the Linu | cvebase.io