CVE-2022-34918
CVE-2022-34918
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 5.5%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Ciclo de vida
07 feb 2022Exploit Metasploit disponible
04 jul 2022Publicada en NVD
19 jul 2022PoC pública
Velocidad de armamento
14 díashasta el primer PoC
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
vulncheckvulncheck.com/xdb/be21eda3c791no verificadovulncheckvulncheck.com/xdb/09fdd759b622no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.htmlhttp://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.htmlhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#uhttps://security.netapp.com/advisory/ntap-20220826-0004/https://www.debian.org/security/2022/dsa-5191https://www.openwall.com/lists/oss-security/2022/07/02/3https://www.randorisec.fr/crack-linux-firewall/http://www.openwall.com/lists/oss-security/2022/07/05/1http://www.openwall.com/lists/oss-security/2022/08/06/5