CVSS3: 4.4 Medium
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.0004 Low (Percentile: 16.1%)

This vulnerability allows local attackers to disclose sensitive information
on affected installations of the Linux Kernel 6.0-rc2. An attacker must
first obtain the ability to execute high-privileged code on the target
system in order to exploit this vulnerability. The specific flaw exists
within the nft_osf_eval function. The issue results from the lack of proper
initialization of memory prior to accessing it. An attacker can leverage
this in conjunction with other vulnerabilities to execute arbitrary code in
the context of the kernel. Was ZDI-CAN-18540.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-136.153 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-57.63 | UNKNOWN |
ubuntu | 22.10 | noarch | linux | < 5.19.0-28.29 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1093.101 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1027.31 | UNKNOWN |
ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1016.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1027.31~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1093.102~18.04.2 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1100.106 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1030.37 | UNKNOWN |
git.kernel.org/linus/559c36c5a8d730c49ef805a72b213d3bba155cc8 (6.0-rc7)
launchpad.net/bugs/cve/CVE-2022-42432
nvd.nist.gov/vuln/detail/CVE-2022-42432
patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
security-tracker.debian.org/tracker/CVE-2022-42432
www.cve.org/CVERecord?id=CVE-2022-42432
www.zerodayinitiative.com/advisories/ZDI-22-1457/