PT-2022-3915 · Linux+8 · Linux Kernel+8
Arthur Mongodin +1 · Published 2022-07-02 · Updated 2025-09-29 · CVE-2022-34918
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 5.18.9
Description
A type confusion bug in nft_set_elem_init leading to a buffer overflow could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access. This issue can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. The exploit uses the unlinking technique and can allow an attacker to gain root access.
Recommendations
For Linux kernel versions through 5.18.9, update to a version that includes the fix for the buffer overflow in nft_set_elem_init. As a temporary workaround, consider restricting access to the nft_setelem_parse_data function in net/netfilter/nf_tables_api.c to minimize the risk of exploitation.
Exploit
Fix
Type Confusion
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu