CVE-2022-25636

CVSS v3.1 7.8 (High)

CVSS v2.0 6.9 (Medium)

EPSS 0.04 % (13^th)

Affected Products 13

Advisories 24

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

Weaknesses

CWE-269: Improper Privilege Management

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2022-02-24 15:15:31
(2 years ago)
Updated Date: 2023-11-09 13:57:20
(10 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Netapp

Oracle

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.4 version and prior 5.4.182 version	cpe:2.3:o:linux:linux_kernel	>= 5.4	< 5.4.182
Linux Kernel from 5.5 version and prior 5.10.103 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.103
Linux Kernel from 5.11 version and prior 5.15.26 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.26
Linux Kernel from 5.16 version and prior 5.16.12 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 5.16.12

Configuration #2

		CPE23	From	Up To
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0

Configuration #3

		CPE23	From	Up To
	Netapp H300e	cpe:2.3:h:netapp:h300e:-
	Netapp H300s	cpe:2.3:h:netapp:h300s:-
	Netapp H410c	cpe:2.3:h:netapp:h410c:-
	Netapp H410s	cpe:2.3:h:netapp:h410s:-
	Netapp H500e	cpe:2.3:h:netapp:h500e:-
	Netapp H500s	cpe:2.3:h:netapp:h500s:-
	Netapp H700e	cpe:2.3:h:netapp:h700e:-
	Netapp H700s	cpe:2.3:h:netapp:h700s:-

Configuration #4

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Binding Support Function 22.1.3	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
	Oracle Communications Cloud Native Core Network Exposure Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
	Oracle Communications Cloud Native Core Policy 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0