net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 5.18.2-1 | linux_5.18.2-1_all.deb |
Debian | 11 | all | linux | < 5.10.120-1 | linux_5.10.120-1_all.deb |
Debian | 10 | all | linux | < 4.19.249-2 | linux_4.19.249-2_all.deb |
Debian | 999 | all | linux | < 5.18.2-1 | linux_5.18.2-1_all.deb |
Debian | 13 | all | linux | < 5.18.2-1 | linux_5.18.2-1_all.deb |