Lucene search

K
redhatcveRedhat.comRH:CVE-2022-25636
HistoryFeb 22, 2022 - 7:50 a.m.

CVE-2022-25636

2022-02-2207:50:41
redhat.com
access.redhat.com
61

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.7%

An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.

Mitigation

The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command:
echo 0 > /proc/sys/user/max_user_namespaces

For making this change in configuration permanent.
Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory:

user.max_user_namespaces = 0

The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:

$ sudo sysctl --system

The other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: <https://www.openshift.com/blog/seccomp-for-fun-and-profit&gt;

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.7%