Lucene search

K
cve[email protected]CVE-2022-32250
HistoryJun 02, 2022 - 9:15 p.m.

CVE-2022-32250

2022-06-0221:15:07
CWE-416
web.nvd.nist.gov
389
22
cve-2022-32250
linux kernel
privilege escalation
security vulnerability
nvd
use-after-free
netfilter
nf_tables_api

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

50.8%

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Affected configurations

NVD
Node
linuxlinux_kernelRange4.14.9.318
OR
linuxlinux_kernelRange4.104.14.283
OR
linuxlinux_kernelRange4.154.19.247
OR
linuxlinux_kernelRange4.205.4.198
OR
linuxlinux_kernelRange5.55.10.120
OR
linuxlinux_kernelRange5.115.15.45
OR
linuxlinux_kernelRange5.165.17.13
OR
linuxlinux_kernelRange5.185.18.2
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
netapph300sMatch-
AND
netapph300s_firmwareMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph410sMatch-
AND
netapph410s_firmwareMatch-
Node
netapph410cMatch-
AND
netapph410c_firmwareMatch-

References

Social References

More

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

50.8%