
Arthur Mongodin

Researcher from RandoriSec
#32170 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2022-3915
7.8
2022-07-02
Linux · Linux Kernel · CVE-2022-34918
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions through 5.18.9

**Description**

A type confusion bug in `nft_set_elem_init` leading to a buffer overflow could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain `CAP_NET_ADMIN` access. This issue can be fixed in `nft_setelem_parse_data` in `net/netfilter/nf_tables_api.c`. The exploit uses the unlinking technique and can allow an attacker to gain root access.

**Recommendations**

For Linux kernel versions through 5.18.9, update to a version that includes the fix for the buffer overflow in `nft_set_elem_init`. As a temporary workaround, consider restricting access to the `nft_setelem_parse_data` function in `net/netfilter/nf_tables_api.c` to minimize the risk of exploitation.