Description
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.
Report
The latest kernel in RHCOS is kernel-4.18.0-305.49.1.el8, which does not contain the vulnerable code and is not affected. OCP v4.9 and earlier are also not affected.
Mitigation
Triggering the issue requires the ability to create user/net namespaces. On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:
echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf
On containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation, because user namespaces must remain enabled there.
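To confirm the mitigation above is both active and persistent, the following added example (not part of the original advisory) compares the runtime value with the persisted setting. The function name and its two path arguments are hypothetical, and it inspects only one drop-in directory, not /etc/sysctl.conf or /usr/lib/sysctl.d.

```shell
#!/bin/sh
# Added example: audit the user.max_user_namespaces mitigation.
# Hypothetical parameters, so the check can be pointed at test data:
#   $1 = file holding the runtime value (default: /proc/sys/user/max_user_namespaces)
#   $2 = directory of sysctl drop-ins   (default: /etc/sysctl.d)
userns_mitigation_state() {
    runtime_file=${1:-/proc/sys/user/max_user_namespaces}
    conf_dir=${2:-/etc/sysctl.d}

    # Value the running kernel enforces right now.
    runtime=unknown
    if [ -r "$runtime_file" ]; then
        runtime=$(tr -d ' \t\n' < "$runtime_file")
    fi

    # Value that will be applied at boot. Drop-ins are read in lexical
    # order, so the last matching assignment wins.
    persisted=$(cat "$conf_dir"/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*user\.max_user_namespaces[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        tail -n 1)

    if [ "$runtime" = 0 ] && [ "$persisted" = 0 ]; then
        echo mitigated               # active now and after reboot
    elif [ "$runtime" = 0 ]; then
        echo runtime-only            # active now, lost on reboot
    elif [ "$persisted" = 0 ]; then
        echo persisted-not-applied   # configured, but sysctl -p not yet run
    else
        echo exposed                 # unprivileged user namespaces still allowed
    fi
}
```

Calling `userns_mitigation_state` with no arguments checks the live host. A later drop-in that sets a non-zero value overrides userns.conf and is reported as `exposed`.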
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2022:5236 | 28.06.2022 |
Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2022:5216 | 28.06.2022 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2022:5232 | 28.06.2022 |
Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2022:5806 | 02.08.2022 |
Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2022:5805 | 02.08.2022 |
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2022:5802 | 02.08.2022 |
Red Hat Enterprise Linux 7.6 Telco Extended Update Support | kernel | Fixed | RHSA-2022:5802 | 02.08.2022 |
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | kernel | Fixed | RHSA-2022:5802 | 02.08.2022 |
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2022:5804 | 02.08.2022 |
Additional information
Status:
7.8 High
CVSS3