
CVE-2022-20368

Published: 15 Mar 2022
Source: redhat
CVSS3: 7
EPSS: Low

Description

Product: Android; Versions: Android kernel; Android ID: A-224546354; References: Upstream kernel

An out-of-bounds access issue was found in the Linux kernel networking subsystem in the way raw packet sockets (AF_PACKET) used PACKET_COPY_THRESH and mmap operations. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or privilege escalation.

Report

Only local users with the CAP_NET_RAW capability can trigger this issue. On Red Hat Enterprise Linux 8, the CAP_NET_RAW capability can be gained by exploiting unprivileged user namespaces. In a default or common configuration of Red Hat Enterprise Linux 7, unprivileged user namespaces are disabled, so local unprivileged users cannot abuse namespaces to grant themselves the CAP_NET_RAW capability and potentially elevate their privileges on the system.

Mitigation

The mitigation is to disable CAP_NET_RAW capability for regular users and executables to prevent access to raw packet sockets (AF_PACKET). On Red Hat Enterprise Linux 8, the mitigation is to either disable unprivileged user namespaces with sysctl -w user.max_user_namespaces=0 or network namespaces with sysctl -w user.max_net_namespaces=0. For more information on how to set sysctl variables on Red Hat Enterprise Linux, please refer to https://access.redhat.com/solutions/2587.
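A check for the Red Hat Enterprise Linux 8 mitigation above, as an added example that is not part of the original advisory. The function names and the optional directory arguments are assumptions made for illustration; the sysctl keys are the ones named in the advisory.

```shell
#!/bin/sh
# Added example: audit the user/network namespace mitigation.
# Directories are arguments so the check can run against a copy of
# /proc/sys and /etc/sysctl.d; defaults point at the live system.

# read_limit ROOT NAME -> prints the value, or "missing" if unreadable
read_limit() {
    f="$1/user/$2"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else printf 'missing'; fi
}

# runtime_state [PROC_SYS_ROOT]
#   closed  : at least one limit is 0 (either setting is sufficient)
#   open    : both limits are readable and non-zero
#   unknown : neither is 0 and at least one could not be read
runtime_state() {
    root="${1:-/proc/sys}"
    u=$(read_limit "$root" max_user_namespaces)
    n=$(read_limit "$root" max_net_namespaces)
    if [ "$u" = 0 ] || [ "$n" = 0 ]; then echo closed
    elif [ "$u" = missing ] || [ "$n" = missing ]; then echo unknown
    else echo open; fi
}

# persisted_state [SYSCTL_DIR]
# sysctl -w changes only the running kernel, so also report whether a
# drop-in file sets one of the limits to 0 for the next boot.
# Simplification (assumption): only one directory is scanned and the
# override order between files is not resolved.
persisted_state() {
    dir="${1:-/etc/sysctl.d}"
    if grep -Eqs '^[[:space:]]*user\.max_(user|net)_namespaces[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$dir"/*.conf
    then echo persisted; else echo not-persisted; fi
}

# audit [PROC_SYS_ROOT] [SYSCTL_DIR] -> one summary line
audit() {
    echo "runtime=$(runtime_state "${1:-}") boot=$(persisted_state "${2:-}")"
}

audit
```

A result of runtime=closed with boot=not-persisted means the setting was applied with sysctl -w only and will be lost at reboot. This check covers only the namespace route to CAP_NET_RAW; processes and executables that already hold the capability are outside its scope.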

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2022:7444 | 08.11.2022 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2022:7683 | 08.11.2022 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:0930 | 21.02.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2022:8267 | 15.11.2022 |
| Red Hat Enterprise Linux 9 | kernel-rt | Fixed | RHSA-2022:7933 | 15.11.2022 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:0930 | 21.02.2024 |


Additional information

Status: Moderate
Weakness: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2123695 kernel: net/packet: slab-out-of-bounds access in packet_recvmsg()

EPSS

Percentile: 25%
0.00083
Low

CVSS3: 7 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 3 years ago

Product: Android; Versions: Android kernel; Android ID: A-224546354; References: Upstream kernel

CVSS3: 7.8
nvd
almost 3 years ago

Product: Android; Versions: Android kernel; Android ID: A-224546354; References: Upstream kernel

CVSS3: 7.8
debian
almost 3 years ago

Product: Android; Versions: Android kernel; Android ID: A-224546354; Referen ...

CVSS3: 9.8
github
almost 3 years ago

Product: Android; Versions: Android kernel; Android ID: A-224546354; References: Upstream kernel

CVSS3: 9.8
fstec
almost 3 years ago

A vulnerability in the packet_recvmsg() function of the Android operating system kernel that allows an attacker to execute arbitrary code
