A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a
kernel panic.
Tracked as
CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was
discovered by Nick Gregory, a research scientist at Capsule8.
"This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat," Red Hat
said in an advisory published on February 22, 2022. Similar alerts have been released by
Debian,
Oracle Linux,
SUSE, and
Ubuntu.
Netfilter is a
framework provided by the Linux kernel that enables various networking-related operations, including packet filtering, network address translation, and port translation.
thehackernews.com
