logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2022-34918

Description

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.


Affected Software


CPE Name Name Version
linux:linux_kernel linux linux kernel 5.18.9
debian:debian_linux debian debian linux 11.0
canonical:ubuntu_linux canonical ubuntu linux 14.04
canonical:ubuntu_linux canonical ubuntu linux 18.04
canonical:ubuntu_linux canonical ubuntu linux 20.04
canonical:ubuntu_linux canonical ubuntu linux 16.04
canonical:ubuntu_linux canonical ubuntu linux 22.04
netapp:h300s_firmware netapp h300s firmware -
netapp:h500s_firmware netapp h500s firmware -
netapp:h700s_firmware netapp h700s firmware -
netapp:h410s_firmware netapp h410s firmware -
netapp:h410c_firmware netapp h410c firmware -

Related