Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-32250
HistoryJun 02, 2022 - 12:00 a.m.

CVE-2022-32250

2022-06-0200:00:00
ubuntu.com
ubuntu.com
33

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.9%

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a
local user (able to create user/net namespaces) to escalate privileges to
root because an incorrect NFT_STATEFUL_EXPR check leads to a
use-after-free.

Notes

Author Note
mdeslaur possible dupe of CVE-2022-1966
sbeattie addresses ZDI-CAN-17442 and ZDI-CAN-17443
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-184.194UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-117.132UNKNOWN
ubuntu21.10noarchlinux< 5.13.0-48.54UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-37.39UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-227.261UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1133.143UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1078.84UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1011.14UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1107.113UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1143.158UNKNOWN
Rows per page:
1-10 of 711

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.9%