1、 Vulnerability description
-
Vulnerability name: Linux kernel local privilege escalation vulnerability (CVE-2022-25636) -
Vulnerability tag: required vulnerability -
Local utilization: POC exists -
Vulnerability type: Linux software vulnerability -
Threat level: high risk -
CVE No.: CVE-2022-25636 -
Disclosure time: February 22, 2022 -
Vulnerability description: Due to the problem of write out of heap boundary, the netfilter subcomponent in the Linux kernel net/netfilter/nf_dup_netdev.c In nft_fwd_dup_netdev_offload An out of bounds (OOB) memory access flaw was found in. This vulnerability allows local attackers with user accounts on the system to gain access to out of bounds memory, leading to a system crash or privilege escalation threat.
2、 Repair plan
sudo apt-get update && sudo apt-get install --only-upgrade linux-image-amd64 && sudo update-grub
sudo dpkg -l linux-image-amd64
sudo apt-get update && sudo apt-get install --only-upgrade linux-image-generic && sudo update-grub
sudo dpkg -l linux-image-generic
sudo sysctl kernel.unprivileged_userns_clone=0