Описание
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.
Отчет
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 8.3 GA onwards. Previous Red Hat Enterprise Linux versions are not affected.
Меры по смягчению последствий
The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command: echo 0 > /proc/sys/user/max_user_namespaces For making this change in configuration permanent. Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable. Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory: user.max_user_namespaces = 0 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command: $ sudo sysctl --system The other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2022:1555 | 26.04.2022 |
| Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2022:1535 | 26.04.2022 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2022:1550 | 26.04.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | kernel-rt | Fixed | RHSA-2022:1413 | 19.04.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | kpatch-patch | Fixed | RHSA-2022:1418 | 19.04.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
EPSS
7.8 High
CVSS3