PT-2022-3342 · Linux+9 · Linux Kernel+9

Rohit Keshri

Published

2022-05-31

Updated

2023-08-14

CVE-2022-2078

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw in the Linux kernel's nft set desc concat parse() function allows an attacker to trigger a buffer overflow, causing a denial of service and possibly allowing the execution of arbitrary code. This issue is related to buffer copying without checking the size of input data, which can be exploited by a remote attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Stack Overflow

Buffer Overflow

Double Free

Memory Corruption

Type Confusion

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-121CWE-120CWE-415CWE-787CWE-843CWE-416

Related Identifiers

ALSA-2022:6582

ALSA-2022:6610

ALSA-2022:7444

ALSA-2022:7683

ALT-PU-2022-2145

ALT-PU-2022-2497

ALT-PU-2022-2523

ALT-PU-2022-2915

ALT-PU-2022-2919

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

AZL-10004

BDU:2022-04090

BDU:2022-04733

BDU:2022-04878

BDU:2022-05140

BDU:2022-05178

BDU:2022-05633

CESA-2022_7444

CESA-2022_7683

CVE-2022-2078

DSA-5161-1

OESA-2022-1746

RHSA-2022:6582

RHSA-2022:6610

RHSA-2022:7444

RHSA-2022:7683

RHSA-2022_6582

RHSA-2022_6610

RHSA-2022_7444

RHSA-2022_7683

RHSA-2024:0724

RLSA-2022:7444

RLSA-2022:7683

ROSA-SA-2022-2056

USN-5529-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Ubuntu

PT-2022-3342 · Linux+9 · Linux Kernel+9

CVE-2022-2078

Weakness Enumeration

Related Identifiers

Affected Products

References · 264