Lucene search

K
nvd[email protected]NVD:CVE-2022-36946
HistoryJul 27, 2022 - 8:15 p.m.

CVE-2022-36946

2022-07-2720:15:08
web.nvd.nist.gov
3
linux
kernel
nfqnl_mangle
denial of service
vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.009 Low

EPSS

Percentile

82.8%

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.6.144.9.326
OR
linuxlinux_kernelRange4.104.14.291
OR
linuxlinux_kernelRange4.154.19.255
OR
linuxlinux_kernelRange4.205.4.209
OR
linuxlinux_kernelRange5.55.10.135
OR
linuxlinux_kernelRange5.115.15.59
OR
linuxlinux_kernelRange5.165.18.16
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappsolidfire_\&_hci_management_nodeMatch-
OR
netappsolidfire_\&_hci_storage_nodeMatch-
OR
netappsolidfire_enterprise_sdsMatch-
OR
netapphci_compute_nodeMatch-

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.009 Low

EPSS

Percentile

82.8%