A vulnerability (CVE) has been disclosed in Netfilter, the Linux kernel subsystem used for filtering and modifying network packets, that allows a local user to execute code at kernel level and elevate their privileges on the system. The researchers demonstrated an exploit that allowed a local user to obtain root privileges on Ubuntu 22.04 with kernel 5.15.0-39-generic. Publication of the vulnerability details was originally planned for August 15, but the disclosure embargo was lifted after a message containing the exploit prototype was copied to a public mailing list.
The problem has been present since kernel 5.8 and is caused by a buffer overflow in the set-list handling code of the nf_tables module, resulting from missing checks in the nft_set_elem_init function. The bug was introduced in a change that expanded the area reserved for set elements to 128 bytes.
Exploitation requires access to nftables, which can be obtained in a separate network namespace (network namespaces) when CLONE_NEWUSER, CLONE_NEWNS or CLONE_NEWNET is available (for example, if an isolated container can be launched). A fix is not yet available.
To block exploitation on ordinary systems, make sure that unprivileged users cannot create namespaces ("sudo sysctl -w kernel.unprivileged_userns_clone=0").
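As an added example (not from the article or the researchers), a POSIX shell check an administrator can run to see whether a host is in the affected kernel range (5.8 and later) and whether the namespace mitigation above is in effect. It assumes the Debian/Ubuntu-specific sysctl kernel.unprivileged_userns_clone and, as the equivalent knob on kernels without it, user.max_user_namespaces=0; the sysctl root and the kernel version string are parameters so the check can also be run against constructed files.

```shell
#!/bin/sh
# Added example: does this host need the nf_tables namespace mitigation, and is it applied?

# kernel_at_least VERSION MAJOR MINOR -> exit 0 when a `uname -r` style VERSION is >= MAJOR.MINOR
kernel_at_least() {
    ver=$1; want_major=$2; want_minor=$3
    major=${ver%%.*}                 # "5.15.0-39-generic" -> "5"
    rest=${ver#*.}                   # -> "15.0-39-generic"
    minor=${rest%%[!0-9]*}           # -> "15" (stop at first non-digit)
    [ "$major" -gt "$want_major" ] ||
        { [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]; }
}

# userns_mitigated SYSROOT -> exit 0 if unprivileged user namespace creation is disabled.
# SYSROOT is the directory holding proc/sys (normally "/"); it is a parameter so the
# function can be exercised against constructed files instead of the live kernel.
userns_mitigated() {
    root=${1:-/}
    clone_file="$root/proc/sys/kernel/unprivileged_userns_clone"   # Debian/Ubuntu patch
    max_file="$root/proc/sys/user/max_user_namespaces"             # mainline equivalent

    if [ -r "$clone_file" ] && [ "$(cat "$clone_file")" = "0" ]; then
        echo "mitigated: kernel.unprivileged_userns_clone=0"
        return 0
    fi
    if [ -r "$max_file" ] && [ "$(cat "$max_file")" = "0" ]; then
        echo "mitigated: user.max_user_namespaces=0"
        return 0
    fi
    echo "NOT mitigated: unprivileged users can create user namespaces"
    return 1
}

# Run against the live host only when asked, e.g.: sh check.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
    if kernel_at_least "$(uname -r)" 5 8; then
        echo "kernel $(uname -r) is in the affected range (>= 5.8, no fix yet)"
    else
        echo "kernel $(uname -r) predates 5.8"
    fi
    userns_mitigated /
fi
```

A non-zero exit from userns_mitigated means the sysctl from the article still has to be applied (and made persistent in /etc/sysctl.d if it is to survive a reboot).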