A newly disclosed security flaw in the Linux kernel could be leveraged by a regional adversary to attain elevated privileges on susceptible programs to execute arbitrary code, escape containers, or induce a kernel worry.
Tracked as CVE-2022-25636 (CVSS rating: 7.8), the vulnerability impacts Linux kernel versions 5.4 via 5.6.10 and is a final result of a heap out-of-bounds publish in the netfilter subcomponent in the kernel. The issue was discovered by Nick Gregory, a investigate scientist at Capsule8.
“This flaw lets a neighborhood attacker with a user account on the procedure to get entry to out-of-bounds memory, major to a program crash or a privilege escalation danger,” Red Hat claimed in an advisory printed on February 22, 2022. Comparable alerts have been launched by Debian, Oracle Linux, SUSE, and Ubuntu.
Netfilter is a framework delivered by the Linux kernel that enables different networking-associated operations, together with packet filtering, network address translation, and port translation.
Specially, CVE-2022-25636 relates to an issue with incorrect dealing with of the framework’s components offload attribute that could be weaponized by a neighborhood attacker to induce a denial-of-assistance (DoS) or potentially execute arbitrary code.
“Irrespective of getting in code working with hardware offload, this is reachable when focusing on network gadgets that really don’t have offload operation (e.g. lo) as the bug is triggered ahead of the rule generation fails.” Gregory mentioned. “On top of that, whilst nftables calls for CAP_NET_ADMIN, we can unshare into a new network namespace to get this as a (usually) unprivileged person.”
“This can be turned into kernel [return-oriented programming]/area privilege escalation with no way too a great deal difficulty, as one of the values that is published out of bounds is conveniently a pointer to a net_device framework,” Gregory additional.
Discovered this short article fascinating? Comply with THN on Fb, Twitter and LinkedIn to go through a lot more unique content material we submit.
Some sections of this report are sourced from: