CVSS v3: 7.8

CVE-2022-25636

Published: 24/02/2022 Updated: 10/05/2022
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 up to and including 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. Note that the exploit repositories listed under GitHub Repositories below report success against Ubuntu 21.10 with a 5.13 kernel, so the 5.4 to 5.6.10 range in this summary understates the affected kernels; treat any kernel that does not carry the nf_tables_offload action-array fix as affected.
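As an added illustration, not code from this page, the kernel, or any of the repositories listed below, the following user-space C model shows the sizing mismatch that the public fix for this bug corrected: the flow offload action array was sized by counting rule expressions that carried an "action" flag, while the fwd/dup netdev expressions emitted an action entry without carrying that flag, so their entry was written past the end of the allocation. All names (expr_type, OPS, count_actions_vulnerable, count_actions_fixed, oob_writes and the sample rules) are this example's own and not kernel identifiers, the sample rules are constructed, and the model records an out-of-bounds slot index instead of performing the write.

```c
#include <stddef.h>
#include <stdio.h>

/* Added model of the CVE-2022-25636 root cause; names below are this
 * example's own and are not kernel identifiers. */
enum expr_type {
    EXPR_PAYLOAD, EXPR_CMP, EXPR_IMM_VERDICT, EXPR_IMM_DATA,
    EXPR_FWD_NETDEV, EXPR_DUP_NETDEV, EXPR_TYPE_MAX
};

#define F_ACTION 0x1   /* "this expression is an action" flag used for sizing */

struct expr_ops {
    unsigned flags;    /* flags consulted when the action array is sized */
    int emits_action;  /* whether the offload callback writes an entry   */
};

/* Assumed behaviour, following the public fix description: immediate
 * expressions carry the flag (verdict emits an entry, data does not);
 * fwd/dup netdev emit an entry but carry no flag. */
static const struct expr_ops OPS[EXPR_TYPE_MAX] = {
    [EXPR_PAYLOAD]     = { 0,        0 },
    [EXPR_CMP]         = { 0,        0 },
    [EXPR_IMM_VERDICT] = { F_ACTION, 1 },
    [EXPR_IMM_DATA]    = { F_ACTION, 0 },
    [EXPR_FWD_NETDEV]  = { 0,        1 },
    [EXPR_DUP_NETDEV]  = { 0,        1 },
};

/* Vulnerable sizing: count expressions by the flag alone. */
size_t count_actions_vulnerable(const enum expr_type *exprs, size_t n)
{
    size_t num = 0;
    for (size_t i = 0; i < n; i++)
        if (OPS[exprs[i]].flags & F_ACTION)
            num++;
    return num;
}

/* Fixed sizing: ask each expression whether it will emit an entry. */
size_t count_actions_fixed(const enum expr_type *exprs, size_t n)
{
    size_t num = 0;
    for (size_t i = 0; i < n; i++)
        if (OPS[exprs[i]].emits_action)
            num++;
    return num;
}

/* Second pass, as the per-expression offload callbacks do: each emitting
 * expression takes the next slot.  The kernel did not compare the slot
 * against the allocation; here we count writes that would have landed
 * past the end instead of performing them. */
size_t emit_actions(const enum expr_type *exprs, size_t n, size_t capacity)
{
    size_t slot = 0, oob = 0;
    for (size_t i = 0; i < n; i++) {
        if (!OPS[exprs[i]].emits_action)
            continue;
        if (slot >= capacity)
            oob++;        /* this is the heap out-of-bounds write */
        slot++;
    }
    return oob;
}

/* Number of out-of-bounds entry writes a rule causes under either sizing. */
size_t oob_writes(const enum expr_type *exprs, size_t n, int fixed)
{
    size_t cap = fixed ? count_actions_fixed(exprs, n)
                       : count_actions_vulnerable(exprs, n);
    return emit_actions(exprs, n, cap);
}

/* Constructed sample rules, not captured from a real ruleset. */
static const enum expr_type RULE_FWD[]         = { EXPR_PAYLOAD, EXPR_CMP, EXPR_FWD_NETDEV };
static const enum expr_type RULE_VERDICT[]     = { EXPR_PAYLOAD, EXPR_CMP, EXPR_IMM_VERDICT };
static const enum expr_type RULE_DUP_VERDICT[] = { EXPR_PAYLOAD, EXPR_CMP, EXPR_DUP_NETDEV, EXPR_IMM_VERDICT };

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

size_t fwd_rule_oob(int fixed)         { return oob_writes(RULE_FWD, LEN(RULE_FWD), fixed); }
size_t verdict_rule_oob(int fixed)     { return oob_writes(RULE_VERDICT, LEN(RULE_VERDICT), fixed); }
size_t dup_verdict_rule_oob(int fixed) { return oob_writes(RULE_DUP_VERDICT, LEN(RULE_DUP_VERDICT), fixed); }

int main(void)
{
    printf("fwd rule:         vulnerable=%zu fixed=%zu\n", fwd_rule_oob(0), fwd_rule_oob(1));
    printf("verdict rule:     vulnerable=%zu fixed=%zu\n", verdict_rule_oob(0), verdict_rule_oob(1));
    printf("dup+verdict rule: vulnerable=%zu fixed=%zu\n", dup_verdict_rule_oob(0), dup_verdict_rule_oob(1));
    return 0;
}
```

A rule whose only action is a fwd or dup netdev expression gets an array of zero slots under the flag-based count, so the first emitted entry is already out of bounds; a rule that combines a dup expression with a verdict gets one slot for two entries. The fixed count allocates exactly one slot per emitting expression and no write falls outside the array.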

Vulnerable Products

linux: linux kernel

debian: debian linux 11.0

netapp: baseboard management controller h410c

netapp: baseboard management controller h300s

netapp: baseboard management controller h500s

netapp: baseboard management controller h700s

netapp: baseboard management controller h300e

netapp: baseboard management controller h500e

netapp: baseboard management controller h700e

netapp: baseboard management controller h410s

Vendor Advisories

Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detai ...
Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat P ...
Synopsis: Important: kpatch-patch security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product S ...
Several security issues were fixed in the Linux kernel ...
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a pri ...
Synopsis: Moderate: OpenShift Container Platform 4.7.50 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.7.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platfo ...
Synopsis: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 5.4.1 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed se ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.3.10 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a secur ...
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue (CVE-2022-1015). A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with pro ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-36310: A flaw was discovered in the KVM implementation for AMD processors, which could lead to an infinite loop. A malicious VM guest could exploit this to cause a denial of service ...
Synopsis: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7. Type/Severity: Security Advisory: Moderate. Topic: OpenShift Logging Bug Fix Release (5.3.7). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis: Moderate: OpenShift Logging Security and Bug update Release (5.2.10). Type/Severity: Security Advisory: Moderate. Topic: OpenShift Logging Bug Fix Release (5.2.10). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...

Mailing Lists

Hi, On Mon, Feb 21, 2022 at 08:38:23PM +0000, Nick Gregory wrote: This issue seems to have CVE-2022-25636 assigned. Regards, Salvatore ...

Github Repositories

CVE-2022-25636 netfilter kernel privilege escalation [toc] Vulnerability overview. CVE ID: CVE-2022-25636. Affected product: linux kernel - netfilter. Affected versions: linux kernel 5.4 ~. Impact: a heap out-of-bounds write in the netfilter kernel module; with SYS_ADMIN it can be used for privilege escalation. Environment setup: the vulnerability lives in the netfilter kernel module, and the affected code is spread over 3 .ko files: nft_dup_netdev.ko nf_dup_netdev.k

CVE-2022-25636 This is my exploit for CVE-2022-25636. I tested it against Ubuntu 21.10 with kernel 5.13.0-30. Works about ~40% of the time; in the other cases you likely get a kernel panic. The exploit might corrupt important data on the heap; after an unsuccessful attempt it's best to reboot.

extrasafe "trust noone not even urself" - internet man. fn main() { println!("disabling syscalls"); extrasafe::SafetyContext::new().enable( extrasafe::builtins::SystemIO::nothing().allow_stdout().allow_stderr() ).unwrap().apply_to_all_threads().unwrap(); // Opening files now fails

CVE-2022-25636 pipe version. Using pipe-primitive to exploit CVE-2022-25636, so no KASLR leak nor SMAP/SMEP/KPTI bypass is needed :)

Robin on Rails: Track My Study of Various Software Technologies. 1 Overview. Is it possible to keep track of the latest development of every technology in the software development industry? No. Impossible nowadays. A lot of people will say: Don't try! Being a programmer requires continuous learning of various technologies. However, as the article How to stay sane in today

pipe-primitive An exploit primitive in the Linux kernel inspired by DirtyPipe (CVE-2022-0847). Some time ago, like many security researchers before me, I studied and reproduced the DirtyPipe (CVE-2022-0847) vulnerability and came away impressed by how usable it is: it starts from an uninitialized-memory issue and ends in arbitrary file modification, with no KASLR leak and no ROP or JOP along the way.

VED (Vault Exploit Defense) - Linux kernel threat detection and prevention system. How VED evolved: Our previous write-up introduced the problem and the current status of Linux kernel security and why cloud native and automotive solutions should adopt a 3rd-party Linux kernel hardening solution. We've been trying to build the full-stack security solution for platform and infras

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f