Bug 2065323 (CVE-2022-1015)
| Field | Value |
|---|---|
| Summary | CVE-2022-1015 kernel: arbitrary code execution in linux/net/netfilter/nf_tables_api.c |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Reporter | Rohit Keshri <rkeshri> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | acaringi, adscvr, airlied, alciregi, asavkov, bhu, bskeggs, chwhite, crwood, dbohanno, dhoward, dvlasenk, egarver, fhrbata, fwestpha, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, kyoshida, lgoncalv, linville, lob+redhat, lzampier, masami256, mchehab, michal.skrivanek, mleitner, mperina, mrehak, mvanderw, nmurray, nobody, ptalbert, qzhao, rhandlin, rvrbovsk, scweaver, security-response-team, steved, vkumar, walters, williams, ycote, yozone |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | Kernel 5.16.18 |
| Doc Text | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. |
| Last Closed | 2022-12-04 02:33:18 UTC |
| Bug Depends On | 2065350, 2065351, 2065352, 2065353, 2065354, 2065355, 2065356, 2065357, 2065366, 2065367, 2065368, 2065369, 2065370, 2065371, 2065372, 2065373, 2065408, 2065409, 2065410, 2065411, 2065415, 2065416, 2065417, 2065418, 2065419, 2065420, 2065421, 2065423, 2065424, 2065425, 2065426, 2069489, 2070051, 2089911, 2089912 |
| Bug Blocks | 2065293, 2066791 |

Description
Rohit Keshri
2022-03-17 16:48:27 UTC
*** Bug 2065321 has been marked as a duplicate of this bug. ***

Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2069489]

As far as I can see this issue only affects RHEL9 (9.0, 9.1). In RHEL8 and RHEL7, the erroneously translated value is truncated to an 8-bit value before it is passed to the incorrect validation check. Because of the truncation, no overflow can happen.

Upstream patch is:
commit 6e1acfa387b9ff82cfc7db8cc3b6959221a95851 netfilter: nf_tables: validate registers coming from userspace.

The commit that made the bug usable is
commit 345023b0db315648ccc3c1a36aee88304a8b4d91 netfilter: nftables: add nft_parse_register_store() and use it
... because it removed the 8-bit truncation. This commit was added from 5.12 onwards and was not backported to any RHEL version.

This was fixed for Fedora with the 5.16.18 stable kernel updates.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1015
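
Added example, not part of the bug report and not kernel source: a simplified C model of the truncation argument in the comments above, comparing a range check evaluated on a full 32-bit register index with the same check evaluated after truncation to 8 bits. The function names, the constants (4-byte registers, 80-byte register file), the length range and the sample value are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model constants (not stated on the page). */
#define REG_SIZE   4u   /* bytes per 32-bit register */
#define REGS_BYTES 80u  /* size of the register file in bytes */

/* Ground truth, computed in 64 bits so the sum cannot wrap. */
static int in_bounds(uint32_t reg, uint32_t len)
{
    return (uint64_t)reg * REG_SIZE + len <= REGS_BYTES;
}

/* Range check on the full 32-bit index: reg * REG_SIZE + len is
 * evaluated modulo 2^32 and can wrap around to a small number. */
static int check_wide(uint32_t reg, uint32_t len)
{
    return reg * REG_SIZE + len <= REGS_BYTES;
}

/* Same check after truncating the index to 8 bits first: the sum is
 * at most 255 * 4 + len, far below 2^32, so it cannot wrap. */
static int check_truncated(uint32_t reg, uint32_t len)
{
    uint8_t r = (uint8_t)reg;
    return (uint32_t)r * REG_SIZE + len <= REGS_BYTES;
}

/* Sweep every 8-bit index and every length 1..255 (assumed range) and
 * count cases where the truncated check disagrees with ground truth. */
static unsigned truncated_mismatches(void)
{
    unsigned bad = 0;
    for (uint32_t reg = 0; reg <= 0xff; reg++)
        for (uint32_t len = 1; len <= 0xff; len++)
            if (check_truncated(reg, len) != in_bounds(reg, len))
                bad++;
    return bad;
}

int main(void)
{
    uint32_t reg = 0x40000000u; /* constructed value: reg * 4 wraps to 0 */
    printf("wide check accepts: %d, truly in bounds: %d\n",
           check_wide(reg, 16), in_bounds(reg, 16));
    printf("truncated-check mismatches: %u\n", truncated_mismatches());
    return 0;
}
```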