high
7.8
CWE
269 787
Advisory Published
CVE Published
Updated

CVE-2022-25636

First published: Tue Feb 22 2022(Updated: )

An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in netfilter subcomponent in the Linux kernel due to a heap out of bounds write problem. In this flaw, an attacker with a user account on the system to gain access to out-of-bounds memory leads to a system crash or a privilege escalation threat. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6">https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6</a> <a href="https://www.openwall.com/lists/oss-security/2022/02/21/2">https://www.openwall.com/lists/oss-security/2022/02/21/2</a>

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:4.18.0-348.23.1.rt7.153.el8_5
0:4.18.0-348.23.1.rt7.153.el8_5
redhat/kernel<0:4.18.0-348.23.1.el8_5
0:4.18.0-348.23.1.el8_5
redhat/kernel-rt<0:4.18.0-305.45.1.rt7.117.el8_4
0:4.18.0-305.45.1.rt7.117.el8_4
redhat/kernel<0:4.18.0-305.45.1.el8_4
0:4.18.0-305.45.1.el8_4
Linux Kernel>=5.4<5.4.182
Linux Kernel>=5.5<5.10.103
Linux Kernel>=5.11<5.15.26
Linux Kernel>=5.16<5.16.12
Debian=11.0
NetApp Baseboard Management Controller H300E
NetApp Baseboard Management Controller H300S
NetApp Baseboard Management Controller H410C Firmware
NetApp Baseboard Management Controller H410S
NetApp Baseboard Management Controller H500E Firmware
NetApp Baseboard Management Controller H500S
NetApp Baseboard Management Controller H700E Firmware
NetApp Baseboard Management Controller H700S
Oracle Communications Cloud Native Core Binding Support Function=22.1.3
Oracle Communications Cloud Native Core Network Exposure Function=22.1.1
Oracle Communications Cloud Native Core Policy=22.2.0
NetApp H300E Firmware
NetApp H300S Firmware
NetApp H410C Firmware
NetApp H410S Firmware
NetApp H500e Firmware
NetApp H500e Firmware
NetApp H700E
NetApp H700S
debian/linux
5.10.223-1
5.10.234-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.17-1

Remedy

The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command: echo 0 > /proc/sys/user/max_user_namespaces For making this change in configuration permanent. Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable. Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory: user.max_user_namespaces = 0 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command: $ sudo sysctl --system The other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit

Remedy

http://www.openwall.com/lists/oss-security/2022/02/22/1

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6

Remedy

https://www.oracle.com/security-alerts/cpujul2022.html

Remedy

Disable unprivileged user namespaces to restrict access to privileged users (have CAP_NET_ADMIN) via the kernel.unprivileged_userns_clone sysctl: $ sudo sysctl kernel.unprivileged_userns_clone=0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2022-25636?

    CVE-2022-25636 has been classified as a high severity vulnerability due to the potential for out-of-bounds memory access and exploitation.

  • How do I fix CVE-2022-25636?

    To fix CVE-2022-25636, users should update their kernel to the patched versions provided by their respective distributions, such as kernel-rt or the standard kernel from Red Hat and Debian.

  • What types of systems are affected by CVE-2022-25636?

    CVE-2022-25636 affects Linux kernel versions that are susceptible to the identified out-of-bounds memory access issue, particularly those versions between 5.4 and 5.16.

  • Can CVE-2022-25636 be exploited remotely?

    CVE-2022-25636 requires an attacker to have local user access to exploit the vulnerability, thus making remote exploitation less likely.

  • What can attackers achieve by exploiting CVE-2022-25636?

    Exploiting CVE-2022-25636 may allow attackers to corrupt memory, leading to potential denial of service or gaining control over the affected systems.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203