nf_tables nft_set UAF (CVE-2022-32250)

Same bug/CVE: see the canonical note nf_tables limited UAF (CVE-2022-32250).

Mechanism

A late NFT_EXPR_STATEFUL check frees the rejected non-stateful expression while it is still linked in set->bindings (dangling reference / UAF). The full mechanism is in the canonical note: nf_tables limited UAF (CVE-2022-32250).

Walkthrough

The full walkthrough is in the canonical note: nf_tables limited UAF (CVE-2022-32250).

References