| Summary: | (CVE-2022-1015) - linux kernel 5.15+ <{5.17.1,5.16.18,5.15.32}: out of bounds access in nf_tables expression evaluation, leads to local privilege escalation | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | CFuga <cfuga> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | UNCONFIRMED --- | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://seclists.org/oss-sec/2022/q1/205 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 836418, 836419, 836420 | ||
| Bug Blocks: | |||
CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to validation of user register indices. It leads to local privilege escalation, for example by overwriting a stack return address OOB with a crafted nft_expr_payload. CVE-2022-1015 is exploitable starting from commit 345023b0db3 ("netfilter: nftables: add nft_parse_register_store() and use it"), v5.12 and has been fixed in commit 6e1acfa387b9 ("netfilter: nf_tables: validate registers coming from userspace."). The bug has been present since commit 49499c3e6e18 ("netfilter: nf_tables: switch registers to 32 bit addressing"), but to my knowledge has not been exploitable until v5.12. Fixed in 5.17.1, 5.16.18, 5.15.32. Reproducible: Always