retired/CVE-2022-1016


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Description: netfilter: nf_tables: initialize registers in nft_do_chain()
References:
 https://www.openwall.com/lists/oss-security/2022/03/28/5
 http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/
Notes:
 carnil> Exploitable starting from commit 96518518cc41 (original merge
 carnil> of nf_tables) in 3.13-rc1.
 carnil> Fixed as well in 5.17.1 for 5.17.y and 5.16.18 for 5.16.y.
Bugs:
upstream: released (5.18-rc1) [4c905f6740a365464e91467aa50916555b28213d]
5.10-upstream-stable: released (5.10.109) [2c74374c2e88c7b7992bf808d9f9391f7452f9d9]
4.19-upstream-stable: released (4.19.237) [88791b79a1eb2ba94e95d039243e28433583a67b]
4.9-upstream-stable: released (4.9.309) [4d28522acd1c4415c85f6b33463713a268f68965]
sid: released (5.16.18-1)
5.10-bullseye-security: released (5.10.113-1)
4.19-buster-security: released (4.19.249-1)
4.9-stretch-security: released (4.9.320-2)