Re: CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation

[Solar Designer <solar () openwall com>]

On Thu, Jun 02, 2022 at 10:21:36AM +0800, ?????????(??????) wrote:
> An out-of-bound write vulnerability was identified within the
> netfilter subsystem
> which can be exploited to achieve privilege escalation to root.
>
> In order to trigger the issue it requires the ability to create user/net
> namespaces.
>
> this vulnerability comes from commit(
> https://github.com/torvalds/linux/commit/f3a2181e16f1dcbf5446ed43f6b5d9f56c459f85)
>
> This issue has been fixed within the following commit:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=fecf31ee395b0295f2d7260aa29946b7605f7c85

[...]

> =*=*=*=*=*=*=*=*=  Credit  =*=*=*=*=*=*=*=*=
> ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab

Apparently, this vulnerability was also independently discovered by
Arthur Mongodin during an internship at Randorisec, who blogged about it
on June 13 here:

https://randorisec.fr/yet-another-bug-netfilter/

and posted an infoleak PoC here:

https://github.com/randorisec/CVE-2022-1972-infoleak-PoC

Alexander