in ,

CVE-2022-1015,CVE-2022-1016: Linux Kernel Privilege Escalation

CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to validation of user register indices. It leads to local privilege escalation, for example by overwriting a stack return address OOB with a crafted nft_expr_payload.

CVE-2022-1015 is exploitable starting from commit 345023b0db3 (“netfilter: nftables: add nft_parse_register_store() and use it”), v5.12 and has been fixed in commit 6e1acfa387b9 (“netfilter: nf_tables: validate registers coming from userspace.”).

The bug has been present since commit 49499c3e6e18 (“netfilter: nf_tables: switch registers to 32 bit addressing”), but to my knowledge has not been exploitable until v5.12.

CVE-2022-1016 pertains to uninitialized stack data in the nft_do_chain routine. CVE-2022-1016 is exploitable starting from commit 96518518cc41 (original merge of nf_tables), v3.13-rc1, and has been fixed in commit 4c905f6740a3 (“netfilter: nf_tables: initialize registers in nft_do_chain()”).

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

CVE-2022-27666: Local Privilege Escalation on Ubuntu 21.10

Exploit DOM Based XSS via Misconfigured postMessage() Function