Bug 2096178 (CVE-2022-2078) - CVE-2022-2078 kernel: buffer overflow in nft_set_desc_concat_parse()
Summary: CVE-2022-2078 kernel: buffer overflow in nft_set_desc_concat_parse()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2078
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2022-1972 (view as bug list)
Depends On: 2096401 2096402 2096403 2096404 2096407 2108199 2127407
Blocks: 2092538 2092539 2096169 2096617
TreeView+ depends on / blocked
 
Reported: 2022-06-13 08:02 UTC by Rohit Keshri
Modified: 2024-02-08 16:51 UTC (History)
54 users (show)

Fixed In Version: kernel 5.19-rc1
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
Clone Of:
Environment:
Last Closed: 2022-12-05 18:21:30 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6582 0 None None None 2022-09-20 13:37:04 UTC
Red Hat Product Errata RHSA-2022:6610 0 None None None 2022-09-20 14:19:13 UTC
Red Hat Product Errata RHSA-2022:7444 0 None None None 2022-11-08 09:10:23 UTC
Red Hat Product Errata RHSA-2022:7683 0 None None None 2022-11-08 10:10:02 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:29:04 UTC

Description Rohit Keshri 2022-06-13 08:02:48 UTC 
An attacker can trigger a buffer overflow of the Linux kernel, via nft_set_desc_concat_parse(), in order to trigger a denial of service, and possibly to run code.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85
Comment 9 Steve Beattie 2022-07-20 07:51:15 UTC 
Is this a duplicate of CVE-2022-1972? Both cves list https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 as the fix for the issue.

Thanks for any clarification you can give.
Comment 10 Alex 2022-07-31 11:27:30 UTC 
In reply to comment #9:
> Is this a duplicate of CVE-2022-1972? Both cves list
> https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 as the
> fix for the issue.
> 
> Thanks for any clarification you can give.

Yes. Seems to be a duplicate of CVE-2022-2078,

both CVE-2022-1972 and CVE-2022-2078

link to
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85
Comment 11 Alex 2022-07-31 11:56:20 UTC 
*** Bug 2092537 has been marked as a duplicate of this bug. ***
Comment 15 Salvatore Bonaccorso 2022-08-05 14:22:30 UTC 
(In reply to Alex from comment #10)
> In reply to comment #9:
> > Is this a duplicate of CVE-2022-1972? Both cves list
> > https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 as the
> > fix for the issue.
> > 
> > Thanks for any clarification you can give.
> 
> Yes. Seems to be a duplicate of CVE-2022-2078,
> 
> both CVE-2022-1972 and CVE-2022-2078
> 
> link to
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85

would it make sense to properly reject the CVE-2022-1972 CVE at 
CNA level. I believe this has potential for some confusion as
CVE-2022-1972 was probably assigned earlier, then referenced in 
https://www.openwall.com/lists/oss-security/2022/06/02/1 but CVE-2022-2078
is the one officially filled https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078

Regards,
Salvatore
Comment 16 Salvatore Bonaccorso 2022-08-05 14:26:38 UTC 
OTOH unfortunately CVE-2022-1972 was already used widely as well in advisories (apart the oss-security post), so not sure what is the best outcome.
Comment 18 errata-xmlrpc 2022-09-20 13:36:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6582 https://access.redhat.com/errata/RHSA-2022:6582
Comment 19 errata-xmlrpc 2022-09-20 14:19:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6610 https://access.redhat.com/errata/RHSA-2022:6610
Comment 20 Marian Rehak 2022-09-23 10:40:19 UTC 
It does, I have requested that CVE-2022-1972 be marked as duplicate of this bug with Mitre.
Comment 21 errata-xmlrpc 2022-11-08 09:10:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444
Comment 22 errata-xmlrpc 2022-11-08 10:09:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683
Comment 24 Product Security DevOps Team 2022-12-05 18:21:20 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2078
Comment 28 errata-xmlrpc 2024-02-07 16:29:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Note You need to log in before you can comment on or make changes to this bug.