{
  "threat_severity" : "Important",
  "public_date" : "2022-02-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: heap out of bounds write in nf_dup_netdev.c",
    "id" : "2056830",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2056830"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.", "An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." ],
  "statement" : "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 8.3 GA onwards. Previous Red Hat Enterprise Linux versions are not affected.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-04-26T00:00:00Z",
    "advisory" : "RHSA-2022:1555",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-348.23.1.rt7.153.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-04-26T00:00:00Z",
    "advisory" : "RHSA-2022:1535",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-04-26T00:00:00Z",
    "advisory" : "RHSA-2022:1550",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-348.23.1.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-04-19T00:00:00Z",
    "advisory" : "RHSA-2022:1413",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.45.1.rt7.117.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-04-19T00:00:00Z",
    "advisory" : "RHSA-2022:1418",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-04-20T00:00:00Z",
    "advisory" : "RHSA-2022:1455",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "kernel-0:4.18.0-305.45.1.el8_4"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-03T00:00:00Z",
    "advisory" : "RHSA-2022:4896",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.5.0-202205291010_8.6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-25636\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25636\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6\nhttps://www.openwall.com/lists/oss-security/2022/02/21/2" ],
  "name" : "CVE-2022-25636",
  "mitigation" : {
    "value" : "The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command:\necho 0 > /proc/sys/user/max_user_namespaces\nFor making this change in configuration permanent.\nNote: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.\nConfigure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the \"/etc/sysctl.d/\" directory:\nuser.max_user_namespaces = 0\nThe system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:\n$ sudo sysctl --system\nThe other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit",
    "lang" : "en:us"
  },
  "csaw" : false
}