by vicarius
log in join community
by @basantSingh007
25 Aug 2023
#cve_analysis

Write a blog analysis for a CVE

publish

Use-After-Free Vulnerability - CVE-2022-32250

by @basantSingh007
by @basantSingh007
25 Aug 2023
#cve_analysis

Write a blog analysis for a CVE

publish

Use-After-Free Vulnerability - CVE-2022-32250

CVEs

CVE-2022-32250
7.8 High Severity

OS

Fedora
FedoraFedoraproject
41.0.1.0.*
40.0.0.0.*
*.*
3334.*
37.*
30.*
40.*
38.*
28.*
31.*
Debian Linux
Debian LinuxDebian
22.04.*
2.5.3-3.*
2.5.3-16.*
2.5.2-1.*
*.*
2.1.8.8.p3-1.1.*
10.10.*
3.0.23.*
12.4.*
3.0.18.*
LK
Linux KernelLinux
6.1.168.*
5.10.253.*
6.12.83.*
6.12.81.*
6.12.82.*
6.1.169.*
6.12.80.*
6.12.78.*
6.19.14.*
5.15.203.*
HF
H410S FirmwareNetapp
-.*
HF
H700S FirmwareNetapp
-.*
HF
H500S FirmwareNetapp
-.*
HF
H300S FirmwareNetapp
-.*
HF
H410C FirmwareNetapp
-.*

Screenshots from the blog posts

images/cll658k0vaa071io84j4sg4ms.jpgimages/cll658k0vaa071io84j4sg4ms.jpg

Summary

CVE-2022-32250 - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Description

Tags

#CVE-2022-32250#nft_tables#netfilter#nf_tables#UAF
users/photos/clppy146t93zn1hnace5s1c7a.jpg

@basantSingh007

6 posts

Total vcoins

0

Comments (2)