oss-sec mailing list archives
CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF
From: Thadeu Lima de Souza Cascardo <cascardo () canonical com>
Date: Tue, 9 Aug 2022 14:10:35 -0300
CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation. This has been reported as ZDI-CAN-17470, and assigned CVE-2022-2586.

This bug was introduced by commit 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets"), which is present since v3.16-rc1.

Exploiting it requires CAP_NET_ADMIN in any user or network namespace.

A PoC that will trigger KASAN is going to be posted in a week.

Fixes have been sent to netfilter-devel () vger kernel org and are at https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo () canonical com/T/#t.
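
An exposure check for the precondition stated in the advisory above (CAP_NET_ADMIN in any user or network namespace), as an added example that is not part of the original post. It assumes the standard `user.max_user_namespaces` sysctl and the Debian/Ubuntu-specific `kernel.unprivileged_userns_clone` sysctl; the function names and the "open"/"restricted" labels are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory: report whether an unprivileged
# local user can create a user namespace, and with it hold CAP_NET_ADMIN
# inside that namespace, which is the precondition the advisory names.

# Print the value of a sysctl, or "absent" if this kernel does not expose it.
read_sysctl() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo absent; fi
}

# userns_exposure HAS_USERNS MAX_USER_NS UNPRIV_CLONE -> "open" | "restricted"
#   HAS_USERNS    yes/no: kernel built with user namespace support
#   MAX_USER_NS   user.max_user_namespaces (absent before Linux 4.9)
#   UNPRIV_CLONE  kernel.unprivileged_userns_clone (Debian/Ubuntu kernels only)
# An absent sysctl imposes no limit, so only an explicit 0 counts as restricted.
userns_exposure() {
    [ "$1" = yes ] || { echo restricted; return 0; }
    [ "$2" != 0 ]  || { echo restricted; return 0; }
    [ "$3" != 0 ]  || { echo restricted; return 0; }
    echo open
}

# Gather the live values from this host and print the assessment.
if [ -e /proc/self/ns/user ]; then has_userns=yes; else has_userns=no; fi
max_ns=$(read_sysctl user.max_user_namespaces)
clone=$(read_sysctl kernel.unprivileged_userns_clone)

echo "user namespaces supported:         $has_userns"
echo "user.max_user_namespaces:          $max_ns"
echo "kernel.unprivileged_userns_clone:  $clone"
echo "unprivileged CAP_NET_ADMIN path:   $(userns_exposure "$has_userns" "$max_ns" "$clone")"
```

A "restricted" result only closes the unprivileged user-namespace route: processes that already hold CAP_NET_ADMIN, such as root or containers granted that capability, still reach nf_tables, and LSM-based namespace restrictions are not examined here.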