CVE-2022-34918

Published: 04/07/2022 Updated: 06/08/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local malicious user to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Vulnerable Product

linux linux kernel

Vendor Advisories

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN ...
Several security issues were fixed in the Linux kernel ...
A heap buffer overflow flaw was found in the Linux kernel's Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-34918) ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2021-33655: A user with access to a framebuffer console driver could cause a memory out-of-bounds write via the FBIOPUT_VSCREENINFO ioctl. CVE-2022-2318: A use-after-free in the Amateur Radio ...
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant ta ...
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges (CVE-2022-2318). Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Lin ...

Github Repositories

CVE-2022-34918 LPE PoC
LPE exploit for CVE-2022-34918. This exploit has been written for the kernel Linux ubuntu 5.15.0-39-generic. You can find the associated write-up on our blog.
Usage: get_root should be in the current folder.
$ ls
get_root poc
$ ./poc

CVE-2022-34918 LPE POC. I tried out the USMA technique proposed by 360; it works quite well.