// For flags

CVE-2022-25636

kernel: heap out of bounds write in nf_dup_netdev.c

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

El archivo net/netfilter/nf_dup_netdev.c en el kernel de Linux versiones 5.4 hasta 5.6.10, permite a usuarios locales alcanzar privilegios debido a una escritura fuera de los límites de la pila. Esto está relacionado con nf_tables_offload

An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-02-22 CVE Reserved
  • 2022-02-22 CVE Published
  • 2022-03-24 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-269: Improper Privilege Management
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.4 < 5.4.182
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.182"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.5 < 5.10.103
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.103"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.11 < 5.15.26
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.26"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.16 < 5.16.12
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.16.12"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Netapp
Search vendor "Netapp"
H300e
Search vendor "Netapp" for product "H300e"
--
Affected
Netapp
Search vendor "Netapp"
H300s
Search vendor "Netapp" for product "H300s"
--
Affected
Netapp
Search vendor "Netapp"
H410c
Search vendor "Netapp" for product "H410c"
--
Affected
Netapp
Search vendor "Netapp"
H410s
Search vendor "Netapp" for product "H410s"
--
Affected
Netapp
Search vendor "Netapp"
H500e
Search vendor "Netapp" for product "H500e"
--
Affected
Netapp
Search vendor "Netapp"
H500s
Search vendor "Netapp" for product "H500s"
--
Affected
Netapp
Search vendor "Netapp"
H700e
Search vendor "Netapp" for product "H700e"
--
Affected
Netapp
Search vendor "Netapp"
H700s
Search vendor "Netapp" for product "H700s"
--
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Binding Support Function
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"
22.1.3
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Exposure Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function"
22.1.1
Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" and version "22.1.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Policy
Search vendor "Oracle" for product "Communications Cloud Native Core Policy"
22.2.0
Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "22.2.0"
-
Affected