Bug 2096178 (CVE-2022-2078) - CVE-2022-2078 kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() [NEEDINFO]
Summary: CVE-2022-2078 kernel: Vulnerability of buffer overflow in nft_set_desc_concat...
Keywords:
Status: NEW
Alias: CVE-2022-2078
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: CVE-2022-1972 (view as bug list)
Depends On: 2096401 2096402 2096403 2096404 2096407
Blocks: 2092538 2092539 2096169 2096617
TreeView+ depends on / blocked
 
Reported: 2022-06-13 08:02 UTC by Rohit Keshri
Modified: 2022-08-05 14:26 UTC (History)
54 users (show)

Fixed In Version: kernel 5.19 rc1
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
Clone Of:
Environment:
Last Closed:
carnil: needinfo? (mrehak)


Attachments (Terms of Use)

Description Rohit Keshri 2022-06-13 08:02:48 UTC
An attacker can trigger a buffer overflow of the Linux kernel, via nft_set_desc_concat_parse(), in order to trigger a denial of service, and possibly to run code.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85

Comment 9 Steve Beattie 2022-07-20 07:51:15 UTC
Is this a duplicate of CVE-2022-1972? Both cves list https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 as the fix for the issue.

Thanks for any clarification you can give.

Comment 10 Alex 2022-07-31 11:27:30 UTC
In reply to comment #9:
> Is this a duplicate of CVE-2022-1972? Both cves list
> https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 as the
> fix for the issue.
> 
> Thanks for any clarification you can give.

Yes. Seems to be a duplicate of CVE-2022-2078,

both CVE-2022-1972 and CVE-2022-2078

link to
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85

Comment 11 Alex 2022-07-31 11:56:20 UTC
*** Bug 2092537 has been marked as a duplicate of this bug. ***

Comment 15 Salvatore Bonaccorso 2022-08-05 14:22:30 UTC
(In reply to Alex from comment #10)
> In reply to comment #9:
> > Is this a duplicate of CVE-2022-1972? Both cves list
> > https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 as the
> > fix for the issue.
> > 
> > Thanks for any clarification you can give.
> 
> Yes. Seems to be a duplicate of CVE-2022-2078,
> 
> both CVE-2022-1972 and CVE-2022-2078
> 
> link to
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85

would it make sense to properly reject the CVE-2022-1972 CVE at 
CNA level. I believe this has potential for some confusion as
CVE-2022-1972 was probably assigned earlier, then referenced in 
https://www.openwall.com/lists/oss-security/2022/06/02/1 but CVE-2022-2078
is the one officially filled https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078

Regards,
Salvatore

Comment 16 Salvatore Bonaccorso 2022-08-05 14:26:38 UTC
OTOH unfortunately CVE-2022-1972 was already used widely as well in advisories (apart the oss-security post), so not sure what is the best outcome.


Note You need to log in before you can comment on or make changes to this bug.