PT-2022-2764 · Linux+8 · Linux Kernel+8

Edg Edg

·

Published

2022-05-26

·

Updated

2026-06-16

·

CVE-2022-32250

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.18.1
Description The issue is related to an incorrect NFT STATEFUL EXPR check in the net/netfilter/nf tables api.c file, leading to a use-after-free condition. This allows a local user, who is able to create user/net namespaces, to escalate privileges to root. The vulnerability is associated with the Netfilter packet filtering software of the Linux kernel.
Recommendations For Linux kernel versions through 5.18.1, consider disabling the nft expr init function as a temporary workaround until a patch is available. Restrict access to the nf tables api.c module to minimize the risk of exploitation. Avoid using the NFT STATEFUL EXPR check in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:5819
ALSA-2022:5834
ALSA-2022_5819
ALSA-2022_5834
ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2022-2002
ALT-PU-2022-2003
ALT-PU-2022-2014
ALT-PU-2022-2037
ALT-PU-2022-2038
ALT-PU-2022-2050
ALT-PU-2022-2052
ALT-PU-2022-2054
ALT-PU-2022-2067
ALT-PU-2022-2099
ALT-PU-2022-2136
ALT-PU-2022-2137
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2022-2158
ALT-PU-2022-2344
ALT-PU-2023-4894
AZL-9879
BDU:2022-03283
CESA-2022_5232
CESA-2022_5819
CESA-2022_5834
CESA-2022_5839
CVE-2022-32250
DLA-3065-1
DSA-5161-1
DSA-5173-1
ELSA-2022-5819
ELSA-2022-9667
OESA-2022-1725
OPENSUSE-SU-2022:2177-1
OPENSUSE-SU-2022_2172-1
OPENSUSE-SU-2022_2722-1
OPENSUSE-SU-2022_2741-1
OPENSUSE-SU-2022_2875-1
OPENSUSE-SU-2022_3293-1
OPENSUSE-SU-2022_4617-1
RHSA-2022:5214
RHSA-2022:5216
RHSA-2022:5220
RHSA-2022:5224
RHSA-2022:5232
RHSA-2022:5236
RHSA-2022:5249
RHSA-2022:5267
RHSA-2022:5439
RHSA-2022:5476
RHSA-2022:5626
RHSA-2022:5633
RHSA-2022:5636
RHSA-2022:5641
RHSA-2022:5648
RHSA-2022:5802
RHSA-2022:5804
RHSA-2022:5805
RHSA-2022:5806
RHSA-2022:5819
RHSA-2022:5834
RHSA-2022:5839
RHSA-2022:6073
RHSA-2022:6075
RHSA-2022:6551
RHSA-2022_5232
RHSA-2022_5236
RHSA-2022_5249
RHSA-2022_5267
RHSA-2022_5819
RHSA-2022_5834
RLSA-2022:5819
RLSA-2022:5834
RLSA-2022_5819
RLSA-2022_5834
SUSE-SU-2022:2172-1
SUSE-SU-2022:2177-1
SUSE-SU-2022:2214-1
SUSE-SU-2022:2216-1
SUSE-SU-2022:2230-1
SUSE-SU-2022:2239-1
SUSE-SU-2022:2245-1
SUSE-SU-2022:2262-1
SUSE-SU-2022:2268-1
SUSE-SU-2022:2722-1
SUSE-SU-2022:2741-1
SUSE-SU-2022:2875-1
SUSE-SU-2022:2875-2
SUSE-SU-2022:3293-1
SUSE-SU-2022:3450-1
SUSE-SU-2022:4617-1
SUSE-SU-2022_2172-1
SUSE-SU-2022_2177-1
SUSE-SU-2022_2214-1
SUSE-SU-2022_2216-1
SUSE-SU-2022_2230-1
SUSE-SU-2022_2239-1
SUSE-SU-2022_2245-1
SUSE-SU-2022_2262-1
SUSE-SU-2022_2722-1
SUSE-SU-2022_2741-1
SUSE-SU-2022_2875-1
SUSE-SU-2022_3293-1
SUSE-SU-2022_3450-1
SUSE-SU-2022_4617-1
ZDI-23-1834
ZDI-26-191

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse