Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qcjhqLTJqaHAtbTY3ds4AAu1Y

nftables binding to an already bound chain

Impact

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain.

Affected by this vulnerability is the function nft_verdict_init of the file net/netfilter/nf_tables_api.c. The manipulation with an unknown input leads to a denial of service vulnerability. The program does not release or incorrectly releases a resource before it is made available for re-use.

Patches

The fix has been backported to 5.15.64 version of the upstream Linux kernel (5.15 is the upstream Kernel long term version Talos ships with). Talos >= v1.2.0 is shipped with Linux Kernel 5.15.64 fixing the above issue.

Workarounds

It's recommended to upgrade

References

• https://www.sesin.at/2022/09/02/cve-2022-39190-linux-kernel-up-to-5-19-5-nf_tables_api-c-nft_verdict_init-denial-of-service/
• https://nvd.nist.gov/vuln/detail/CVE-2022-39190

For more information

• Email us at [email protected]

Permalink: https://github.com/advisories/GHSA-jr8j-2jhp-m67v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcjhqLTJqaHAtbTY3ds4AAu1Y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago

Identifiers: GHSA-jr8j-2jhp-m67v
References:

• https://github.com/siderolabs/talos/security/advisories/GHSA-jr8j-2jhp-m67v
• https://github.com/advisories/GHSA-jr8j-2jhp-m67v

Repository: https://github.com/siderolabs/talos
Blast Radius: 0.0

Affected Packages