CVE-2022-1016 - OpenCVE

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:3.13:rc1::::::

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/	Exploit Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-1016	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2066614	Issue Tracking Third Party Advisory
https://seclists.org/oss-sec/2022/q1/205	Exploit Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-29T14:03:06

Updated: 2022-08-29T14:03:06

Reserved: 2022-03-17T00:00:00

Link: CVE-2022-1016

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-29T15:15:10.143

Modified: 2023-06-27T15:47:56.347

Link: CVE-2022-1016

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A49CD410-EABA-40F1-A803-DC1FADBDA96D", "versionEndIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "321F7B08-92E2-438E-A94C-F4E827370AB4", "versionEndIncluding": "5.17", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "E0ED04A8-156B-43FA-ACB9-F09E177D1B0A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker."}, {"lang": "es", "value": "Se ha encontrado un fallo en el kernel de Linux en el archivo net/netfilter/nf_tables_core.c:nft_do_chain, que puede causar un uso de memoria previamente liberada. Este problema necesita manejar \"return\" con las precondiciones apropiadas, ya que puede conllevar a un problema de filtrado de informaci\u00f3n del kernel causado por un atacante local no privilegiado"}], "id": "CVE-2022-1016", "lastModified": "2023-06-27T15:47:56.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T15:15:10.143", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-1016"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066614"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2022/q1/205"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-909"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-824"}], "source": "secalert@redhat.com", "type": "Secondary"}]}