Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2022-34918

Disclosure Date: July 04, 2022 •

CVE-2022-34918 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

exploit/linux/local/netfilter_nft_set_elem_init_privesc

Description

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

Metasploit Modules

exploit/linux/local/netfilter_nft_set_elem_init_privesc (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/netfilter_nft_set_elem_init_privesc.rb)

References

Canonical

CVE-2022-34918 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918)

Advisory

[oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init (http://www.openwall.com/lists/oss-security/2022/07/05/1)

DSA-5191 (https://www.debian.org/security/2022/dsa-5191)

[oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init (http://www.openwall.com/lists/oss-security/2022/08/06/5)

https://security.netapp.com/advisory/ntap-20220826-0004/

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2022-34918 (https://github.com/veritas501/CVE-2022-34918) (Added by AKB Worker)

Miscellaneous

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6

https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u

https://www.openwall.com/lists/oss-security/2022/07/02/3

https://www.randorisec.fr/crack-linux-firewall/

http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html

http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html

Rapid7

Unknown

CVE-2022-34918

Unknown

Unknown

None

Low

Local

CVE-2022-34918

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

References

Canonical

Advisory

Exploit

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2022-34918

Unknown

Unknown

None

Low

Local

CVE-2022-34918

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

References

Canonical

Advisory

Exploit

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification