PT-2022-1733 · Linux+10 · Linux Kernel+10
Matthias Kaiser · Published 2020-05-06 · Updated 2025-09-29 · CVE-2022-25636
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 5.4 through 5.6.10
Description
The issue is a heap out-of-bounds write in the netfilter subsystem of the Linux kernel, specifically in the nf_dup_netdev.c file. It can allow local users to gain privileges or cause a denial of service. The problem is related to nf_tables_offload. A researcher managed to hijack the kernel control flow, and an example exploit allows a local user to elevate their privileges in Ubuntu 21.10 with the KASLR protection mechanism disabled.
Recommendations
For Linux kernel versions 5.4 through 5.6.10, consider applying the available patch to fix the issue. As a temporary workaround, restrict access to the vulnerable nf_tables_offload functionality to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Improper Privilege Management
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu