CVE-2022-1015 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Unknown
Remote	Unknown
Type	Unknown
Description	CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to validation of user register indices. It leads to local privilege escalation, for example by overwriting a stack return address OOB with a crafted nft_expr_payload. CVE-2022-1015 is exploitable starting from commit 345023b0db3 ("netfilter: nftables: add nft_parse_register_store() and use it"), v5.12 and has been fixed in commit 6e1acfa387b9 ("netfilter: nf_tables: validate registers coming from userspace.").

Group	Package	Affected	Fixed	Severity	Status
AVG-2701	linux-lts	5.15.14-1		High	Vulnerable
AVG-2700	linux-hardened	5.16.20.hardened1-1	5.17.5.hardened1-1	High	Fixed
AVG-2699	linux-zen	5.17.2.zen3-1	5.17.3.zen1-1	High	Fixed
AVG-2698	linux	5.17.2.arch3-1	5.17.3.arch1-1	High	Fixed

References
https://www.openwall.com/lists/oss-security/2022/03/28/5

Notes
TODO