CVE-2022-36946

2022-07-2700:00:00

ubuntu.com

cve-2022-36946

netfilter bug

remote attack

denial of service

skb_pull error

linux kernel

nf_queue verdict

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.009

Percentile

82.8%

JSON

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through
5.18.14 allows remote attackers to cause a denial of service (panic)
because, in the case of an nf_queue verdict with a one-byte nfta_payload
attribute, an skb_pull can encounter a negative skb->len.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=2115278>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-193.204UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-126.142UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-48.54UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-234.268UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1141.152UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1085.92UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1020.24UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1113.119UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1150.165UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1020.24~20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-193.204	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-126.142	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-48.54	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-234.268	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1141.152	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1085.92	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1020.24	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1113.119	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1150.165	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1020.24~20.04.1	UNKNOWN