netfilter newset stateless expression UAF
Bug #1976127 reported by
Thadeu Lima de Souza Cascardo
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Critical
|
Thadeu Lima de Souza Cascardo | ||
Bug Description
[Impact]
An unprivileged user could exploit a use-after-free vulnerability on nftables by using network namespaces.
[Test case]
Test PoC at https:/
[Potential regression]
nftables users could be affected.
CVE References
Revision history for this message
| Thadeu Lima de Souza Cascardo (cascardo) wrote | #1 |
| information type: | Private Security → Public Security |
| summary: |
- upcoming update + netfilter newset stateless expression UAF |
| Changed in linux (Ubuntu): | |
| assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
| status: | New → Fix Released |
| importance: | Undecided → Critical |
| description: | updated |
To post a comment you must log in.
This is CVE-2022-1966.