An out-of-bound write vulnerability was identified within the netfilter subsystem in linux kernel before v4.9.313,v4.14.278,v4.19.242,v5.4.193,v5.10.115,v5.15.39,v5.17.7, and v5.18-rc6, which can be exploited to achieve privilege escalation to root. The netfilter subsystem did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.
CVE-2022-1972 - High Severity Vulnerability
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 63ec46be94f7d206b296bb6c7cd636df4b2eaddd
Found in base branch: master
An out-of-bound write vulnerability was identified within the netfilter subsystem in linux kernel before v4.9.313,v4.14.278,v4.19.242,v5.4.193,v5.10.115,v5.15.39,v5.17.7, and v5.18-rc6, which can be exploited to achieve privilege escalation to root. The netfilter subsystem did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.
Publish Date: 2022-06-02
URL: CVE-2022-1972
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2022-06-02
Fix Resolution: v5.10.120,v5.15.45,v5.17.13,v5.18.2
Step up your Open Source Security Game with Mend here