Exploitable vulnerabilities found in the Linux kernel's POSIX CPU timer, cls_route and nf_tables code

Three vulnerabilities have been identified in the Linux kernel. Each is a use-after-free (access to an already freed memory area) that lets a local user escalate privileges on the system. Working exploit prototypes exist for all three problems and are to be published one week after the vulnerability details. Fixes have been sent to the Linux kernel developers.

  • CVE-2022-2588 is a use-after-free in the cls_route traffic-classifier filter: when a filter is replaced with a zero handle, the old filter is not unlinked from the hash table before its memory is freed. The bug has been present since 2.6.12-rc2. The attack requires CAP_NET_ADMIN, which an otherwise unprivileged local user can obtain on systems that allow creating user namespaces, by creating a user namespace together with a network namespace. As a workaround you can block loading of the cls_route module by adding the line 'install cls_route /bin/true' to /etc/modprobe.conf or to a file in /etc/modprobe.d/ (an 'install' override, unlike 'blacklist', also stops explicit and kernel-requested loads; it does nothing on a kernel that has cls_route built in).
  • CVE-2022-2586 is a use-after-free in the nf_tables module of the netfilter subsystem, which implements the nftables packet filter. An nft object can reference a set that belongs to another table, so once that table is deleted the object still points at the freed set. The bug has been present since 3.16-rc1. The attack requires CAP_NET_ADMIN, obtainable in the same way as above through user and network namespaces.
  • CVE-2022-2585 is a use-after-free in the POSIX CPU timer code: when invoked from a thread that is not the thread-group leader, the timer structure remains on the timer list after its memory has been freed. The bug has been present since 3.16-rc1.
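As an added example (not code from the opennet.ru report or from the kernel project), here is a POSIX shell script that checks whether a host is exposed to the cls_route issue along the lines described above: whether cls_route is loaded, built in, merely loadable or absent; whether an 'install cls_route /bin/true' override is already present in /etc/modprobe.conf or /etc/modprobe.d; and whether an unprivileged user can actually reach CAP_NET_ADMIN by creating a user namespace plus a network namespace (it does so with util-linux `unshare -Urn` and reads the CapEff mask from /proc/self/status inside the namespace). The file name /etc/modprobe.d/disable-cls-route.conf and all function names are this script's own choices.

```shell
#!/bin/sh
# Added example, not code from the opennet.ru report or the kernel project:
# exposure check and workaround helper for the cls_route use-after-free
# (CVE-2022-2588). File and function names are this script's own choices.

WORKAROUND_FILE="/etc/modprobe.d/disable-cls-route.conf"   # assumed name

# modprobe treats '-' and '_' in module names as equivalent, so build a
# pattern that accepts either spelling.
module_pattern() {
    printf '%s' "$1" | sed 's/[-_]/[_-]/g'
}

# True if the given modprobe configuration text disables the module with an
# 'install <module> /bin/true' (or /bin/false) override. A plain 'blacklist'
# line is deliberately not accepted: it only suppresses alias-based
# autoloading, while an explicit modprobe or the kernel's own request_module()
# still loads the module. The 'install' override blocks both.
conf_disables_module() {
    conf_text=$1
    pat=$(module_pattern "$2")
    printf '%s\n' "$conf_text" |
        grep -Eq "^[[:space:]]*install[[:space:]]+${pat}[[:space:]]+/bin/(true|false)([[:space:]]|$)"
}

# True if a capability mask (hex, as in the CapEff: line of
# /proc/<pid>/status) contains CAP_NET_ADMIN, which is capability bit 12.
capmask_has_net_admin() {
    [ $(( (0x$1 >> 12) & 1 )) -eq 1 ]
}

# Prints loaded | builtin | available | absent for the running kernel.
cls_route_state() {
    if grep -q '^cls_route ' /proc/modules 2>/dev/null; then
        echo loaded
    elif grep -q '/cls_route\.ko' "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null; then
        echo builtin
    elif modinfo -n cls_route >/dev/null 2>&1; then
        echo available
    else
        echo absent
    fi
}

# True if any on-disk modprobe configuration already carries the override.
cls_route_disabled_on_disk() {
    for f in /etc/modprobe.conf /etc/modprobe.d/*.conf; do
        [ -r "$f" ] || continue
        conf_disables_module "$(cat "$f")" cls_route && return 0
    done
    return 1
}

# True if the calling user can reach CAP_NET_ADMIN: create a user namespace
# plus a network namespace with util-linux unshare and read the effective
# capability mask inside it. Any failure (no unshare, creation denied) is
# reported as "not reachable".
unprivileged_net_admin_reachable() {
    caps=$(unshare -Urn sh -c 'awk "/^CapEff:/ {print \$2}" /proc/self/status' 2>/dev/null) || return 1
    [ -n "$caps" ] || return 1
    capmask_has_net_admin "$caps"
}

report() {
    echo "cls_route module: $(cls_route_state)"
    if cls_route_disabled_on_disk; then
        echo "modprobe config: 'install' override present, cls_route cannot be loaded"
    else
        echo "modprobe config: no 'install' override (run '$0 apply' as root to add one)"
    fi
    if unprivileged_net_admin_reachable; then
        echo "namespaces: this user can obtain CAP_NET_ADMIN via user+net namespaces"
    else
        echo "namespaces: CAP_NET_ADMIN is not reachable for this user"
    fi
}

apply_workaround() {
    printf 'install cls_route /bin/true\n' > "$WORKAROUND_FILE" && echo "wrote $WORKAROUND_FILE"
}

case "${1:-report}" in
    report) report ;;
    apply)  apply_workaround ;;
    *)      echo "usage: $0 [report|apply]" >&2; exit 2 ;;
esac
```

Run the report as the unprivileged account you care about (as root, the namespace check trivially succeeds and says nothing about unprivileged users), then `apply` as root. The script looks for an 'install' override rather than a 'blacklist' line on purpose: 'blacklist' only suppresses alias-based autoloading, and the kernel's own request_module() call when tc adds a route filter would still pull cls_route in. A 'builtin' state in the report means the override cannot help and only a kernel update does.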

Source: opennet.ru
