CVE-2022-1016: Use After Free

First published: Tue Mar 22 2022(Updated: )

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:4.18.0-425.3.1.rt7.213.el8	0:4.18.0-425.3.1.rt7.213.el8
redhat/kernel	<0:4.18.0-425.3.1.el8	0:4.18.0-425.3.1.el8
redhat/kernel	<0:5.14.0-162.6.1.el9_1	0:5.14.0-162.6.1.el9_1
redhat/kernel-rt	<0:5.14.0-162.6.1.rt21.168.el9_1	0:5.14.0-162.6.1.rt21.168.el9_1
redhat/kernel	<0:5.14.0-70.64.1.el9_0	0:5.14.0-70.64.1.el9_0
redhat/kernel-rt	<0:5.14.0-70.64.1.rt21.135.el9_0	0:5.14.0-70.64.1.rt21.135.el9_0
Linux Linux kernel	<=3.12
Linux Linux kernel	>=3.13<=5.17
Linux Linux kernel	=3.13-rc1
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
ubuntu/linux	<4.15.0-184.194	4.15.0-184.194
ubuntu/linux	<5.4.0-110.124	5.4.0-110.124
ubuntu/linux	<5.13.0-40.45	5.13.0-40.45
ubuntu/linux	<5.15.0-27.28	5.15.0-27.28
ubuntu/linux	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux	<4.4.0-239.273	4.4.0-239.273
ubuntu/linux-aws	<4.15.0-1133.143	4.15.0-1133.143
ubuntu/linux-aws	<5.4.0-1073.78	5.4.0-1073.78
ubuntu/linux-aws	<5.13.0-1022.24	5.13.0-1022.24
ubuntu/linux-aws	<5.15.0-1005.7	5.15.0-1005.7
ubuntu/linux-aws	<5.19.0-1001.1	5.19.0-1001.1
ubuntu/linux-aws	<4.4.0-1117.123	4.4.0-1117.123
ubuntu/linux-aws	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws	<4.4.0-1155.170	4.4.0-1155.170
ubuntu/linux-aws-5.0	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-5.11	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-5.13	<5.13.0-1022.24~20.04.1	5.13.0-1022.24~20.04.1
ubuntu/linux-aws-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-5.3	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-5.4	<5.4.0-1075.80~18.04.1	5.4.0-1075.80~18.04.1
ubuntu/linux-aws-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-5.8	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-fips	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-hwe	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-aws-hwe	<4.15.0-1133.143~16.04.1	4.15.0-1133.143~16.04.1
ubuntu/linux-azure	<5.4.0-1078.81	5.4.0-1078.81
ubuntu/linux-azure	<5.13.0-1022.26	5.13.0-1022.26
ubuntu/linux-azure	<5.15.0-1005.6	5.15.0-1005.6
ubuntu/linux-azure	<5.19.0-1001.1	5.19.0-1001.1
ubuntu/linux-azure	<4.15.0-1142.156~14.04.1	4.15.0-1142.156~14.04.1
ubuntu/linux-azure	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure	<4.15.0-1142.156~16.04.1	4.15.0-1142.156~16.04.1
ubuntu/linux-azure-4.15	<4.15.0-1142.156	4.15.0-1142.156
ubuntu/linux-azure-4.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-5.11	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-5.13	<5.13.0-1022.26~20.04.1	5.13.0-1022.26~20.04.1
ubuntu/linux-azure-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-5.3	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-5.4	<5.4.0-1078.81~18.04.1	5.4.0-1078.81~18.04.1
ubuntu/linux-azure-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-edge	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-fde	<5.4.0-1078.81	5.4.0-1078.81
ubuntu/linux-azure-fde	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-fde-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-azure-fips	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-bluefield	<5.4.0-1040.44	5.4.0-1040.44
ubuntu/linux-bluefield	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-dell300x	<4.15.0-1047.52	4.15.0-1047.52
ubuntu/linux-dell300x	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-fips	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp	<5.4.0-1073.78	5.4.0-1073.78
ubuntu/linux-gcp	<5.13.0-1024.29	5.13.0-1024.29
ubuntu/linux-gcp	<5.15.0-1004.7	5.15.0-1004.7
ubuntu/linux-gcp	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp	<4.15.0-1127.142~16.04.1	4.15.0-1127.142~16.04.1
ubuntu/linux-gcp-4.15	<4.15.0-1127.142	4.15.0-1127.142
ubuntu/linux-gcp-4.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-5.11	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-5.13	<5.13.0-1024.29~20.04.1	5.13.0-1024.29~20.04.1
ubuntu/linux-gcp-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-5.3	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-5.4	<5.4.0-1073.78~18.04.1	5.4.0-1073.78~18.04.1
ubuntu/linux-gcp-5.8	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gcp-fips	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gke	<5.4.0-1071.76	5.4.0-1071.76
ubuntu/linux-gke	<5.15.0-1003.3	5.15.0-1003.3
ubuntu/linux-gke	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gke-4.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gke-5.0	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gke-5.3	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gke-5.4	<5.4.0-1071.76~18.04.3	5.4.0-1071.76~18.04.3
ubuntu/linux-gke-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gkeop	<5.4.0-1040.41	5.4.0-1040.41
ubuntu/linux-gkeop	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gkeop-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-gkeop-5.4	<5.4.0-1040.41~18.04.1	5.4.0-1040.41~18.04.1
ubuntu/linux-gkeop-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe	<4.15.0-184.194~16.04.1	4.15.0-184.194~16.04.1
ubuntu/linux-hwe-5.11	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe-5.13	<5.13.0-40.45~20.04.1	5.13.0-40.45~20.04.1
ubuntu/linux-hwe-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe-5.4	<5.4.0-110.124~18.04.1	5.4.0-110.124~18.04.1
ubuntu/linux-hwe-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe-5.8	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-hwe-edge	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-ibm	<5.4.0-1021.23	5.4.0-1021.23
ubuntu/linux-ibm	<5.15.0-1003.3	5.15.0-1003.3
ubuntu/linux-ibm	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-ibm-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-ibm-5.4	<5.4.0-1021.23~18.04.1	5.4.0-1021.23~18.04.1
ubuntu/linux-ibm-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-intel	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-intel-5.13	<5.13.0-1011.11	5.13.0-1011.11
ubuntu/linux-intel-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-intel-iotg	<5.15.0-1008.11	5.15.0-1008.11
ubuntu/linux-intel-iotg	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-intel-iotg-5.15	<5.15.0-1008.11~20.04.1	5.15.0-1008.11~20.04.1
ubuntu/linux-intel-iotg-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-iot	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-kvm	<4.15.0-1119.123	4.15.0-1119.123
ubuntu/linux-kvm	<5.4.0-1063.66	5.4.0-1063.66
ubuntu/linux-kvm	<5.13.0-1021.22	5.13.0-1021.22
ubuntu/linux-kvm	<5.15.0-1005.5	5.15.0-1005.5
ubuntu/linux-kvm	<5.19.0-1001.1	5.19.0-1001.1
ubuntu/linux-kvm	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-kvm	<4.4.0-1118.128	4.4.0-1118.128
ubuntu/linux-laptop	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-lowlatency	<5.15.0-27.28	5.15.0-27.28
ubuntu/linux-lowlatency	<5.19.0-1001.1	5.19.0-1001.1
ubuntu/linux-lowlatency	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-lowlatency-hwe-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-lowlatency-hwe-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-lts-xenial	<4.4.0-239.273~14.04.1	4.4.0-239.273~14.04.1
ubuntu/linux-lts-xenial	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-nvidia	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-nvidia-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-nvidia-6.8	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-nvidia-lowlatency	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-5.10	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-5.14	<5.14.0-1033.36	5.14.0-1033.36
ubuntu/linux-oem-5.17	<5.17.0-1004.4	5.17.0-1004.4
ubuntu/linux-oem-5.17	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-5.6	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-6.8	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oem-osp1	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle	<4.15.0-1098.108	4.15.0-1098.108
ubuntu/linux-oracle	<5.4.0-1071.77	5.4.0-1071.77
ubuntu/linux-oracle	<5.13.0-1027.32	5.13.0-1027.32
ubuntu/linux-oracle	<5.15.0-1003.5	5.15.0-1003.5
ubuntu/linux-oracle	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle	<4.15.0-1098.108~16.04.1	4.15.0-1098.108~16.04.1
ubuntu/linux-oracle-5.0	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle-5.11	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle-5.13	<5.13.0-1027.32~20.04.1	5.13.0-1027.32~20.04.1
ubuntu/linux-oracle-5.13	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle-5.3	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-oracle-5.4	<5.4.0-1071.77~18.04.1	5.4.0-1071.77~18.04.1
ubuntu/linux-oracle-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-raspi	<5.4.0-1060.68	5.4.0-1060.68
ubuntu/linux-raspi	<5.13.0-1025.27	5.13.0-1025.27
ubuntu/linux-raspi	<5.15.0-1006.6	5.15.0-1006.6
ubuntu/linux-raspi	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-raspi-5.4	<5.4.0-1060.68~18.04.1	5.4.0-1060.68~18.04.1
ubuntu/linux-raspi-5.4	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-raspi2	<4.15.0-1114.122	4.15.0-1114.122
ubuntu/linux-raspi2	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-raspi2-5.3	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-riscv	<5.13.0-1020.22	5.13.0-1020.22
ubuntu/linux-riscv	<5.15.0-1008.8	5.15.0-1008.8
ubuntu/linux-riscv	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-riscv-5.11	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-riscv-5.15	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-riscv-5.8	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-riscv-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-snapdragon	<4.15.0-1132.142	4.15.0-1132.142
ubuntu/linux-snapdragon	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-starfive	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-starfive-6.5	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
ubuntu/linux-xilinx-zynqmp	<5.18~<5.4.188<5.15.32	5.18~ 5.4.188 5.15.32
debian/linux		5.10.218-1 5.10.221-1 6.1.94-1 6.1.99-1 6.9.12-1 6.10.3-1

Remedy

On non-containerized deployments of Red Hat Enterprise Linux, you can disable user namespaces by setting user.max_user_namespaces to 0: # echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf # sysctl -p /etc/sysctl.d/userns.conf On containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.

Remedy

https://git.kernel.org/linus/96518518cc417bb0a8c80b9fb736202e28acdf96

Remedy

https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
agent/weakness
agent/severity
agent/remedy
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-1016
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/usn-cve
source/Ubuntu
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
package-manager/redhat
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/3.12
version/linux linux kernel/3.13
version/linux linux kernel/5.17
version/linux linux kernel/3.13-rc1
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
version/redhat enterprise linux/9.0
package-manager/ubuntu
package-manager/debian

CVE-2022-1016: Use After Free

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact