nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because in the case of an nf_queue verdict with a one-byte nfta_payload attribute an skb_pull can encounter a negative skb->len. — CVE-2022-36946

Summary

Advisory CVE-2022-36946. nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service… Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7.5. See the official…

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2206
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2207
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2257
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2022-2210
• A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information causing a denial of service. CVE-2022-1651
• A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. CVE-2022-1671
• A OS Command Injection vulnerability exists in Node.js versions &lt;14.20.0 &lt;16.20.0 &lt;18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. CVE-2022-32212
• Active Directory Federation Services Elevation of Privilege Vulnerability CVE-2022-30215
• An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. CVE-2022-30550
• An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges a different vulnerability than CVE-2022-32250. (The attacker can obtain root access but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. CVE-2022-34918
• Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets CVE-2022-34169
• Azure Site Recovery Elevation of Privilege Vulnerability CVE-2022-33674