CVE-2022-36946Kernel vulnerability

46 documents8 sources
Severity
7.5HIGHNVD
OSV6.7OSV5.5
EPSS
5.1%
top 10.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxDebian Linux+6 more
Timeline
PublishedJul 27
Latest updateJun 15

Description

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

NVDlinux/linux_kernel2.6.144.9.326+6
Debianlinux/linux_kernel< 5.10.136-1+3
Ubuntulinux/linux_kernel< 4.15.0-193.204+3
debiandebian/linux< linux 5.18.16-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: marc.infoPatch: marc.info

🔴Vulnerability Details

21
OSV
linux-ibm vulnerabilities2022-10-14
OSV
linux-gcp-5.4 vulnerabilities2022-10-06
OSV
linux-intel-iotg vulnerabilities2022-10-04
OSV
linux-gke vulnerabilities2022-10-04
OSV
linux-azure vulnerabilities2022-10-03

📋Vendor Advisories

24
CISA ICS
​Siemens SINAMICS Medium Voltage Products2023-06-15
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel2023-06-15
CISA ICS
Siemens SCALANCE, RUGGEDCOM Third-Party2023-03-16
Ubuntu
Linux kernel (IBM) vulnerabilities2022-10-14
Ubuntu
Linux kernel (GCP) vulnerabilities2022-10-06