GoogleOSV:GHSA-JR8J-2JHP-M67Vnftables binding to an already bound chain
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
14.3%
Impact
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain.
Affected by this vulnerability is the function nft_verdict_init of the file net/netfilter/nf_tables_api.c. The manipulation with an unknown input leads to a denial of service vulnerability. The program does not release or incorrectly releases a resource before it is made available for re-use.
Patches
The fix has been backported to 5.15.64 version of the upstream Linux kernel (5.15 is the upstream Kernel long term version Talos ships with). Talos >= v1.2.0 is shipped with Linux Kernel 5.15.64 fixing the above issue.
Workarounds
It’s recommended to upgrade
References
- https://www.sesin.at/2022/09/02/cve-2022-39190-linux-kernel-up-to-5-19-5-nf_tables_api-c-nft_verdict_init-denial-of-service/
- https://nvd.nist.gov/vuln/detail/CVE-2022-39190
For more information
- Email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/siderolabs/talos | lt | 1.2.0 |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
14.3%