← Back

CVE-2022-25636

nvd nist
Published: Feb 24, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

Affected (16)

Show all products
Linux: Linux Kernel · Debian: Debian Linux · Netapp: H300e, H300s, H410c, H410s, H500e, H500s, H700e, H700s · Oracle: Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function, Communications Cloud Native Core Policy
Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Netapp
8 products
H300e
H300s
H410c
H410s
H500e
H500s
H700e
H700s
Oracle
3 products
Communications Cloud Native Core Binding Support Function
Communications Cloud Native Core Network Exposure Function
Communications Cloud Native Core Policy
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 5.11 to 5.15.26
Linux Kernel
From 5.16 to 5.16.12
Linux Kernel
From 5.4 to 5.4.182
Linux Kernel
From 5.5 to 5.10.103
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0
Configuration C
8 vulnerable
Vulnerable SoftwareAffected Versions
H300e
All versions
H300s
All versions
H410c
All versions
H410s
All versions
H500e
All versions
H500s
All versions
H700e
All versions
H700s
All versions
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Communications Cloud Native Core Binding Support Function
Version 22.1.3
Communications Cloud Native Core Network Exposure Function
Version 22.1.1
Communications Cloud Native Core Policy
Version 22.2.0

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (18)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListPatchThird Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.