Vulnerability Description
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.1, < 4.14.316 |
| Debian | Debian Linux | 11.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-OveExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/07/05/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/08/06/5Mailing ListThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1Mailing ListPatchVendor Advisory
- https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40r
- https://security.netapp.com/advisory/ntap-20220826-0004/Third Party Advisory
- https://www.debian.org/security/2022/dsa-5191Third Party Advisory
- https://www.openwall.com/lists/oss-security/2022/07/02/3ExploitMailing ListThird Party Advisory
- https://www.randorisec.fr/crack-linux-firewall/ExploitThird Party Advisory
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-OveExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/07/05/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/08/06/5Mailing ListThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1Mailing ListPatchVendor Advisory
FAQ
What is CVE-2022-34918?
CVE-2022-34918 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a differe...
How severe is CVE-2022-34918?
CVE-2022-34918 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34918?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux, Netapp H300S Firmware, Netapp H300S.