CVE-2022-36946 — HIGH (7.5)

Q: How severe is CVE-2022-36946?

CVE-2022-36946 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-36946?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Netapp Active Iq Unified Manager, Netapp Solidfire \& Hci Management Node, Netapp Solidfire \& Hci Storage Node.

Vulnerability Description

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.14, < 4.9.326
Debian	Debian Linux	10.0
Netapp	Active Iq Unified Manager	-
Netapp	Solidfire \& Hci Management Node	-
Netapp	Solidfire \& Hci Storage Node	-
Netapp	Solidfire Enterprise Sds	-
Netapp	Hci Compute Node	-

References

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlMailing ListThird Party Advisory
https://marc.info/?l=netfilter-devel&m=165883202007292&w=2Mailing ListPatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0007/Third Party Advisory
https://www.debian.org/security/2022/dsa-5207Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlMailing ListThird Party Advisory
https://marc.info/?l=netfilter-devel&m=165883202007292&w=2Mailing ListPatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0007/Third Party Advisory
https://www.debian.org/security/2022/dsa-5207Third Party Advisory

FAQ

What is CVE-2022-36946?

CVE-2022-36946 is a vulnerability with a CVSS score of 7.5 (HIGH). nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-...

How severe is CVE-2022-36946?

CVE-2022-36946 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36946?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Netapp Active Iq Unified Manager, Netapp Solidfire \& Hci Management Node, Netapp Solidfire \& Hci Storage Node.