Home > Cyber News > CVE-2022-25636: Linux Kernel Netfilter Vulnerability

CVE-2022-25636: Linux Kernel Netfilter Vulnerability

CVE-2022-25636: Linux Kernel Netfilter Vulnerability

Security researcher Nick Gregory recently discovered and reported a new Linux kernel vulnerability. Tracked as CVE-2022-25636, the issue impacts Linux kernel versions 5.4 through 5.6.10.

The vulnerability is triggered by a heap-of-bounds write in the Netfilter subcomponent of the kernel, and can be leveraged by a local threat actor to gain elevation privileges and execute arbitrary code, escape containers, or cause the so-called kernel panic.

RedHat has provided a description of CVE-2022-25636:

An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.

Other Linux distributions have released similar advisories, including Debian, Ubuntu, Oracle Linux, and SUSE.

What Is Netfilter?

Netfilter is a framework provided by the Linux kernel. It enables various networking-related operations to be implemented in the form of customized handlers. As for the Netfilter project, it is “a community-driven collaborative FOSS project that provides packet filtering software for the Linux 2.4.x and later kernel series,” according to its official website.

The vulnerability stems from an incorrect handling of netfilter’s hardware offload feature, which could be leveraged by a local threat actor to cause a denial-of-service condition or execute arbitrary code.

Nick Gregory has provided a very detailed tour of how he discovered and analyzed the vulnerability.

Last week, we wrote about another Linux kernel vulnerability, which was defined as a high-severity Linux kernel issue. The bug could have been abused to escape a container in order to execute arbitrary commands on the host. The vulnerability is tracked as CVE-2022-0492, and was detailed by Palo Alto Unit 42 Networks researchers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree