Bug 2056830 (CVE-2022-25636) - CVE-2022-25636 kernel: heap out of bounds write in nf_dup_netdev.c
Summary: CVE-2022-25636 kernel: heap out of bounds write in nf_dup_netdev.c
Status: CLOSED ERRATA
Alias: CVE-2022-25636
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2056728 2056863 2056864 2056865 2056866 2056867 2056868 2056869 2056870 2056874 2056875 2056879 2056880 2056881 2058737 2065576 2068028 2068029
Blocks: 2056832
Reported: 2022-02-22 07:11 UTC by Avinash Hanwate
Modified: 2022-06-03 17:13 UTC

Doc Text:
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.
Last Closed: 2022-06-03 17:13:51 UTC

Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2022:1533  0        None      None    None     2022-04-25 20:02:01 UTC
Red Hat Product Errata  RHSA-2022:1413  0        None      None    None     2022-04-19 15:05:26 UTC
Red Hat Product Errata  RHSA-2022:1418  0        None      None    None     2022-04-19 16:19:12 UTC
Red Hat Product Errata  RHSA-2022:1455  0        None      None    None     2022-04-20 16:20:42 UTC
Red Hat Product Errata  RHSA-2022:1535  0        None      None    None     2022-04-26 16:45:37 UTC
Red Hat Product Errata  RHSA-2022:1550  0        None      None    None     2022-04-26 21:49:52 UTC
Red Hat Product Errata  RHSA-2022:1555  0        None      None    None     2022-04-26 17:10:35 UTC
Red Hat Product Errata  RHSA-2022:4896  0        None      None    None     2022-06-03 13:48:33 UTC

Description Avinash Hanwate 2022-02-22 07:11:40 UTC
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows an attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.

Reference:

https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6
https://www.openwall.com/lists/oss-security/2022/02/21/2

Comment 5 Rohit Keshri 2022-02-22 09:02:23 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2056863]

Comment 12 Justin M. Forbes 2022-03-16 15:19:19 UTC
This was fixed for Fedora with the 5.16.12 stable kernel updates.

Comment 15 Tom Sorensen 2022-03-17 14:02:07 UTC
Does it matter if netfilter is in use (e.g. -- firewall enabled or disabled)? I cannot find any definitive answer from the mailing list or elsewhere.

Comment 16 Sandro Bonazzola 2022-03-18 08:58:29 UTC
Created kernel tracking bugs for this issue:

Affects: ovirt-4.4 [ bug 2065576 ]

Comment 21 errata-xmlrpc 2022-04-19 15:05:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1413 https://access.redhat.com/errata/RHSA-2022:1413

Comment 22 errata-xmlrpc 2022-04-19 16:19:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1418 https://access.redhat.com/errata/RHSA-2022:1418

Comment 23 errata-xmlrpc 2022-04-20 16:20:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1455 https://access.redhat.com/errata/RHSA-2022:1455

Comment 24 errata-xmlrpc 2022-04-26 16:45:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1535 https://access.redhat.com/errata/RHSA-2022:1535

Comment 25 errata-xmlrpc 2022-04-26 17:10:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1555 https://access.redhat.com/errata/RHSA-2022:1555

Comment 26 errata-xmlrpc 2022-04-26 21:49:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1550 https://access.redhat.com/errata/RHSA-2022:1550

Comment 27 errata-xmlrpc 2022-06-03 13:48:28 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896

Comment 28 Product Security DevOps Team 2022-06-03 17:13:47 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-25636
