Security researcher Nick Gregory recently discovered and reported a new Linux kernel vulnerability. Tracked as CVE-2022-25636, the issue impacts Linux kernel versions 5.4 through 5.6.10.
The vulnerability is a heap out-of-bounds write in the Netfilter subcomponent of the kernel. A local threat actor can leverage it to escalate privileges and execute arbitrary code, escape containers, or cause a kernel panic.
Red Hat has provided a description of CVE-2022-25636:
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.
Other Linux distributions have released similar advisories, including Debian, Ubuntu, Oracle Linux, and SUSE.
What Is Netfilter?
Netfilter is a framework provided by the Linux kernel. It enables various networking-related operations to be implemented in the form of customized handlers. As for the Netfilter project, it is “a community-driven collaborative FOSS project that provides packet filtering software for the Linux 2.4.x and later kernel series,” according to its official website.
The vulnerability stems from incorrect handling of Netfilter's hardware offload feature, which a local threat actor could leverage to cause a denial-of-service condition or execute arbitrary code.
Nick Gregory has provided a very detailed tour of how he discovered and analyzed the vulnerability.
Last week, we wrote about another Linux kernel vulnerability, rated as a high-severity issue. That bug could have been abused to escape a container and execute arbitrary commands on the host. It is tracked as CVE-2022-0492 and was detailed by Palo Alto Networks Unit 42 researchers.