Lucene search

K
hiveproHive ProHIVEPRO:6328173E0F6C3AA0EDD0FC979058CEAB
HistoryMar 17, 2022 - 3:50 p.m.

Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall

2022-03-1715:50:05
Hive Pro
www.hivepro.com
96

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.7%

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A flaw in the Linux kernel has been discovered. If exploited, this flaw could allow a local attacker to gain privileges on targeted systems, allowing them to escape containers, execute arbitrary code, or cause a kernel panic. This heap out-of-bounds write vulnerability has been assigned CVE-2022-25636 and affects the Linux kernel's netfilter subcomponent. Netfilter is a Linux kernel framework that enables various networking-related operations such as packet filtering, network address translation, and port translation. The bug is related to an issue with the framework's incorrect handling of the hardware offload feature, which could be utilized by a local attacker to cause a denial-of-service (DoS) or possibly execute arbitrary code. This issue has been fixed in Linux kernel version 5.7 and vendors such as RedHat, SUSE, Ubuntu, and Oracle has also made a fix available for the same. Potential MITRE ATT&CK TTPs are:TA0042: Resource DevelopmentT1588: Obtain CapabilitiesT1588.006: Obtain Capabilities: VulnerabilitiesTA0001: Initial AccessT1190: Exploit Public-Facing ApplicationTA0040: ImpactT1499: Endpoint Denial of ServiceT1499.004: Endpoint Denial of Service: Application or System Exploitation Vulnerability Details Patch Link https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/snapshot/nf-b1a5983f56e371046dcf164f90bfaf704d2b89f6.tar.gz References https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ https://access.redhat.com/security/cve/CVE-2022-25636 https://www.openwall.com/lists/oss-security/2022/02/21/2 https://security-tracker.debian.org/tracker/CVE-2022-25636 https://linux.oracle.com/cve/CVE-2022-25636.html https://www.suse.com/security/cve/CVE-2022-25636.html https://ubuntu.com/security/CVE-2022-25636

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.7%