Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
THREAT LEVEL: Amber.
For a detailed advisory, download the pdf file here.
A flaw in the Linux kernel has been discovered. If exploited, this flaw could allow a local attacker to gain privileges on targeted systems, allowing them to escape containers, execute arbitrary code, or cause a kernel panic.
This heap out-of-bounds write vulnerability has been assigned CVE-2022-25636 and affects the Linux kernel’s netfilter subcomponent. Netfilter is a Linux kernel framework that enables various networking-related operations such as packet filtering, network address translation, and port translation. The bug is related to an issue with the framework’s incorrect handling of the hardware offload feature, which could be utilized by a local attacker to cause a denial-of-service (DoS) or possibly execute arbitrary code.
This issue has been fixed in Linux kernel version 5.7 and vendors such as RedHat, SUSE, Ubuntu, and Oracle has also made a fix available for the same.
Potential MITRE ATT&CK TTPs are:
TA0042: Resource Development
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
TA0001: Initial Access
T1190: Exploit Public-Facing Application
TA0040: Impact
T1499: Endpoint Denial of Service
T1499.004: Endpoint Denial of Service: Application or System Exploitation
Vulnerability Details
Patch Link
References
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
https://access.redhat.com/security/cve/CVE-2022-25636
https://www.openwall.com/lists/oss-security/2022/02/21/2
https://security-tracker.debian.org/tracker/CVE-2022-25636
https://linux.oracle.com/cve/CVE-2022-25636.html
