logo
DATABASE RESOURCES PRICING ABOUT US

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerability (USN-5545-1)

Description

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5545-1 advisory. - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related