Bug 2066614 (CVE-2022-1016)
Summary: | CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fwestpha, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lzampier, martin.hecht, masami256, mchehab, michal.skrivanek, mperina, nmurray, nobody, ptalbert, qzhao, rkeshri, rvrbovsk, scweaver, security-response-team, steved, vkumar, walters, williams, zmiele |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. |
Last Closed: | 2022-12-05 13:33:24 UTC | Type: | --- |
Bug Depends On: | 2067964, 2067965, 2067966, 2067967, 2069488, 2069490, 2070067, 2214853, 2215061 | ||
Bug Blocks: | 2065293 |
Description
Marian Rehak
2022-03-22 07:46:50 UTC
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2069488]

Fixed by:
4c905f6740a365464e91467aa50916555b28213d netfilter: nf_tables: initialize registers in nft_do_chain()

So, are we z-streaming this fix the usual way into RHEL9.0.0 and older RHEL8? The latter probably until RHEL8.4 since that is what OCP uses?

This was fixed for Fedora with the 5.16.18 stable kernel updates.

Will this be addressed in RHEL 8 at some time?

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:7933 https://access.redhat.com/errata/RHSA-2022:7933

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:8267 https://access.redhat.com/errata/RHSA-2022:8267

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-1016

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2023:4137 https://access.redhat.com/errata/RHSA-2023:4137

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2023:4138 https://access.redhat.com/errata/RHSA-2023:4138

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412