oss-sec mailing list archives
Re: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation
From: Solar Designer <solar () openwall com>
Date: Sat, 6 Aug 2022 21:10:22 +0200
On Thu, Jun 02, 2022 at 10:21:36AM +0800, ?????????(??????) wrote:
An out-of-bound write vulnerability was identified within the netfilter subsystem which can be exploited to achieve privilege escalation to root. In order to trigger the issue it requires the ability to create user/net namespaces. this vulnerability comes from commit( https://github.com/torvalds/linux/commit/f3a2181e16f1dcbf5446ed43f6b5d9f56c459f85) This issue has been fixed within the following commit: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=fecf31ee395b0295f2d7260aa29946b7605f7c85
[...]
=*=*=*=*=*=*=*=*= Credit =*=*=*=*=*=*=*=*= ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab
Apparently, this vulnerability was also independently discovered by Arthur Mongodin during an internship at Randorisec, who blogged about it on June 13 here: https://randorisec.fr/yet-another-bug-netfilter/ and posted an infoleak PoC here: https://github.com/randorisec/CVE-2022-1972-infoleak-PoC Alexander
Current thread:
- Re: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation Solar Designer (Aug 06)