5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
12.4%
linux is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the nft_do_chain routine
in net/netfilter/nf_tables_core.c
which does not initialize the register data that nf_tables
expressions can read from and write to, allowing an attacker to determine the register data and proceed to exploit it.
blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-1016
access.redhat.com/errata/RHSA-2022:7444
access.redhat.com/errata/RHSA-2022:7683
access.redhat.com/errata/RHSA-2022:7933
access.redhat.com/errata/RHSA-2022:8267
access.redhat.com/security/cve/CVE-2022-1016
bugzilla.redhat.com/show_bug.cgi?id=2066614
seclists.org/oss-sec/2022/q1/205