CVE-2022-1016

🗓️ 29 Aug 2022 14:03:06Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 434 Views🌐 WEB

A flaw in Linux kernel nf_tables_core.c can cause a use-after-free, leading to a kernel information leak problem

Reporter	Title	Published	Views	Family All 614
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus	23 Mar 202320:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management	17 Jan 202316:48	–	ibm
GithubExploit	Exploit for Out-of-bounds Write in Linux Linux_Kernel	2 Apr 202222:49	–	githubexploit
ATTACKERKB	CVE-2022-1016	29 Aug 202215:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-042)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-083)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-185)	5 Nov 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-070)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2-2022-1768 (ALAS-2022-1768)	6 Apr 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-012 (ALASKERNEL-5.10-2022-012)	2 May 202200:00	–	nessus

NVD

Vulners

Node

linux linux_kernelRange≤3.12

linux linux_kernelRange3.13–5.17

linux linux_kernelMatch3.13rc1

Node

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

[
  {
    "product": "Kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Affects v3.13-rc1 and later, Fixed in v5.18-rc1"
      }
    ]
  }
]

Source	Link
blog	www.blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
access	www.access.redhat.com/security/cve/CVE-2022-1016
seclists	www.seclists.org/oss-sec/2022/q1/205
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

Parameter	Position	Path	Description	CWE
nft_parse_register_load	path	net/netfilter/nf_tables_api.c	OOB read/write via nf_tables API validation bug enabling kernel memory access from user-supplied netlink attributes.
nft_validate_register_load	path	net/netfilter/nf_tables_api.c	OOB read/write via nf_tables API validation bug enabling kernel memory access from user-supplied netlink attributes.
reg	path	net/netfilter/nf_tables_api.c	OOB read/write via nf_tables API validation bug enabling kernel memory access from user-supplied netlink attributes.
len	path	net/netfilter/nf_tables_api.c	OOB read/write via nf_tables API validation bug enabling kernel memory access from user-supplied netlink attributes.
sreg	path	net/netfilter/nf_tables_api.c	OOB read/write via nf_tables API validation bug enabling kernel memory access from user-supplied netlink attributes.
attr	path	net/netfilter/nf_tables_api.c	OOB read/write via nf_tables API validation bug enabling kernel memory access from user-supplied netlink attributes.
nft_do_chain	path	net/netfilter/nf_tables_core.c:nft_do_chain	Use-after-free in nf_tables core can lead to information leakage or escalation through improper return handling.	CWE-909, CWE-824
use-after-free	path	net/netfilter/nf_tables_core.c:nft_do_chain	Use-after-free in nf_tables core can lead to information leakage or escalation through improper return handling.	CWE-909, CWE-824
kernel information leak	path	net/netfilter/nf_tables_core.c:nft_do_chain	Use-after-free in nf_tables core can lead to information leakage or escalation through improper return handling.	CWE-909, CWE-824

17 Jun 2026 04:21Current

6Medium risk

Vulners AI Score6

CVSS 3.15.5

EPSS0.00419