CVE-2022-34918

Description from NVD

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Information Acquisition Date:2022-07-25T14:54Z
CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6
     source:MISC
     tags:Mailing List    Patch    Vendor Advisory    
 https://www.openwall.com/lists/oss-security/2022/07/02/3
     source:MISC
     tags:Exploit    Mailing List    Third Party Advisory    
 https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u
     source:MISC
     tags:Exploit    Mailing List    Vendor Advisory    
 [oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init
     source:MLIST
     tags:Exploit    Mailing List    Third Party Advisory    
 https://www.randorisec.fr/crack-linux-firewall/
     source:MISC
     tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Linux(2 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com56
https://www.reddit.com/r/netsec44
https://bit.ly/CVEDashboard3
https://github.com/randorisec/CVE-2022-34918-LPE-PoC3
https://twitter.com/RandoriSec/status/15497245784690892843
https://randorisec.fr/crack-linux-firewall3
http://security.sios.com3
https://www.randorisec.fr/crack-linux-firewall3
https://securityonline.info/cve-2022-34918-linux-kernel-pri...3

Information from Twitter

User URL Info Source Date
YASMINC95937622 https://www.randorisec.fr/crack-linux-firewall Source YASMINC95937622 1619600328021934080 2023/01/29
calderon_myong https://www.randorisec.fr/crack-linux-firewall Source calderon_myong   1624678471602688000 2023/02/12
passthesaltcon https://github.com/randorisec/CVE-2022-34918-LPE-PoC Source passthesaltcon   1630864213353586691 2023/03/01

List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com56
www.reddit.com44
bit.ly3
github.com3
twitter.com3
randorisec.fr3
security.sios.com3
www.randorisec.fr3
securityonline.info3

Information from Twitter

User URL Info Source
YASMINC95937622 randorisec.fr Show Tweet
calderon_myong randorisec.fr Show Tweet
passthesaltcon github.com Show Tweet
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2023/03/01 Score : 0
Added Har-sia Database : 2022/07/05
Last Modified : 2023/03/01
Highest Scored Date : 2022/07/21
Highest Score : 40