[PoC] CVE-2022-32250: Linux Kernel Privilege Escalation Flaw
Linux kernel maintainers recently issued a risk notice for a Linux kernel privilege escalation vulnerability, tracked as CVE-2022-32250. The flaw is a use-after-free bug in the Linux kernel's net/netfilter/nf_tables_api.c.
“nft_expr_init() calls expr->ops->init() first, then checks for NFT_STATEFUL_EXPR; this still allows initializing a non-stateful lookup expression which points to a set, which might lead to UAF since the set is not properly detached from the set->binding for this case. Anyway, this combination is non-sense from nf_tables perspective.”
The issue is a use-after-free write vulnerability in the netfilter subsystem which can be exploited to achieve privilege escalation to root. Use-after-free refers to a memory corruption bug that occurs when an application tries to use memory that is no longer assigned to it (it has been freed), after that memory has been assigned to another application. This can cause crashes and data to be inadvertently overwritten, or in cyber attack scenarios can lead to arbitrary code execution or allow an attacker to gain remote code execution capabilities. It was proven to allow a local privilege escalation to root on the current kernel version 5.18.1. Triggering the CVE-2022-32250 flaw requires the ability to create user/net namespaces.
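The following is a constructed model, added here and not the kernel's code nor the researcher's PoC, of the ordering problem the commit message describes: a lookup expression binds itself to a set during init(), so if the "must be stateful" check only runs afterwards and rejects the expression, the expression is freed while the set still holds a binding to it. All names (set, expr, lookup_init, expr_init_vulnerable, expr_init_fixed, FLAG_STATEFUL) are hypothetical.

```c
/* Toy model of the init-before-check ordering bug. Constructed example,
 * not kernel code; structures and names are hypothetical simplifications. */
#include <stdlib.h>
#include <stdbool.h>

#define FLAG_STATEFUL 0x1

struct expr;
struct set {
    struct expr *binding;   /* one bound expression in this model */
    int bound;              /* number of live bindings the set believes it has */
};
struct expr {
    unsigned flags;
    struct set *set;
};

/* Lookup-style init: the expression attaches itself to the set. */
static void lookup_init(struct expr *e, struct set *s)
{
    e->set = s;
    s->binding = e;
    s->bound++;
}

/* Vulnerable order: init() first, stateful check second. On rejection the
 * expression is freed but the set's binding is never detached. */
struct expr *expr_init_vulnerable(struct set *s, unsigned flags, bool want_stateful)
{
    struct expr *e = calloc(1, sizeof *e);
    if (!e) return NULL;
    e->flags = flags;
    lookup_init(e, s);                        /* binding created here */
    if (want_stateful && !(e->flags & FLAG_STATEFUL)) {
        free(e);                              /* s->binding now dangles */
        return NULL;
    }
    return e;
}

/* Fixed order: reject before init(), so no binding is ever created. */
struct expr *expr_init_fixed(struct set *s, unsigned flags, bool want_stateful)
{
    if (want_stateful && !(flags & FLAG_STATEFUL))
        return NULL;
    struct expr *e = calloc(1, sizeof *e);
    if (!e) return NULL;
    e->flags = flags;
    lookup_init(e, s);
    return e;
}

/* Bindings left behind after a non-stateful expr is rejected (0 is correct). */
int bindings_after_reject(struct expr *(*init)(struct set *, unsigned, bool))
{
    struct set s = { NULL, 0 };
    init(&s, 0, true);      /* non-stateful expression where stateful is required */
    return s.bound;
}
```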
At present, Linux kernel maintainers have officially issued security patches. It’s recommended that users update Linux servers immediately and apply the patches for other distros as soon as they are available.
Update: August 24
Today, the researcher released the technical details and published the PoC code.