nf_tables nft_set UAF (CVE-2022-32250)
Same bug/CVE: see the canonical note nf_tables limited UAF (CVE-2022-32250).
Mechanism
A late NFT_EXPR_STATEFUL check frees a rejected non-stateful expression while it is still linked in set->bindings (dangling reference / UAF). The full mechanism is in the canonical note: nf_tables limited UAF (CVE-2022-32250).
Walkthrough
The full walkthrough is in the canonical note: nf_tables limited UAF (CVE-2022-32250).