A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems, execute arbitrary code, escape containers, or induce a kernel panic.
Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability affects Linux kernel versions 5.4 through 5.16.10 (the CVE description's upper bound of "5.6.10" is a typo; the fix shipped in 5.16.11 and was backported to the maintained stable series) and results from a heap out-of-bounds write in the kernel's netfilter subsystem. The issue was discovered by Nick Gregory, a research scientist at Capsule8.
"This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat," Red Hat said in an advisory published on February 22, 2022. Similar alerts have been released by Debian, Oracle Linux, SUSE, and Ubuntu.
Netfilter is a framework provided by the Linux kernel that enables various networking-related operations, including packet filtering, network address translation, and port translation. nftables, the rule interface involved here, is built on top of it.
Specifically, CVE-2022-25636 stems from incorrect handling in the framework's hardware offload code (nf_tables_offload), which a local attacker could weaponize to cause a denial-of-service (DoS) or possibly execute arbitrary code.
"Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don't have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails," Gregory said. "Additionally, while nftables requires CAP_NET_ADMIN, we can unshare into a new network namespace to get this as a (normally) unprivileged user."
"This can be turned into kernel [return-oriented programming]/local privilege escalation without too much difficulty, as one of the values that is written out of bounds is conveniently a pointer to a net_device structure," Gregory added.
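The namespace detail in Gregory's quote is the part defenders can act on: nftables is only reachable with CAP_NET_ADMIN, but on a host that permits unprivileged user namespaces, any local account can unshare into a fresh user and network namespace and hold that capability there, and the kernel code path that contains the bug is the same one. The program below is an added example written for this page, not code from the article, from Capsule8 or from the kernel; it performs that unshare and then reads the effective capability mask from /proc/self/status to report whether CAP_NET_ADMIN (bit 12, per linux/capability.h) was obtained. It assumes a Linux host and a single-threaded process (unshare(CLONE_NEWUSER) is refused for multithreaded callers). No nftables rules are created and nothing about the bug itself is triggered.

```c
/* Added example, not from the original article: does an unprivileged user on
 * this host reach CAP_NET_ADMIN via a new user+network namespace? */
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>

#define CAP_NET_ADMIN_BIT 12   /* value of CAP_NET_ADMIN in linux/capability.h */

/* Return 1 if capability bit `cap` is set in a hex mask formatted like the
 * CapEff field of /proc/self/status (e.g. "000001ffffffffff"), else 0. */
int cap_in_mask(const char *hexmask, int cap)
{
    unsigned long long mask = strtoull(hexmask, NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

/* Copy the hex value of the CapEff line of /proc/self/status into buf.
 * Returns 0 on success, -1 if the file or the field could not be read. */
int read_cap_eff(char *buf, size_t len)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char line[256];
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            while (*p == ' ' || *p == '\t')
                p++;
            strncpy(buf, p, len - 1);
            buf[len - 1] = '\0';
            buf[strcspn(buf, "\n")] = '\0';
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* Perform the unshare described in the article and inspect the result.
 * Returns 1 if CAP_NET_ADMIN is effective inside the new namespaces,
 * 0 if the unshare succeeded but the capability is absent, and -1 if the
 * kernel refused the unshare (errno is left set for the caller). */
int unprivileged_netns_gives_net_admin(void)
{
    if (unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0)
        return -1;
    char mask[64];
    if (read_cap_eff(mask, sizeof mask) != 0)
        return -1;
    return cap_in_mask(mask, CAP_NET_ADMIN_BIT);
}

int main(void)
{
    int r = unprivileged_netns_gives_net_admin();
    if (r == 1)
        puts("CAP_NET_ADMIN held in a new netns: the nftables path is reachable from this account");
    else if (r == 0)
        puts("unshare succeeded but CAP_NET_ADMIN is not effective");
    else
        printf("unshare(CLONE_NEWUSER|CLONE_NEWNET) refused: %s\n", strerror(errno));
    return 0;
}
```

Run it as a normal user on an unpatched host: a result of 1 means the precondition in Gregory's quote holds and the kernel update is the only real fix. If patching has to wait, the same program doubles as a check for the usual hardening: setting the sysctl user.max_user_namespaces to 0 (or, on Debian and Ubuntu kernels, kernel.unprivileged_userns_clone to 0) makes the unshare fail with EPERM or ENOSPC, at the cost of breaking rootless containers and browser sandboxes that rely on user namespaces.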
Some parts of this article are sourced from:
thehackernews.com