CVE-2022-34918: Linux Kernel Privilege Escalation Vulnerability
Recently, the Linux kernel maintainers issued a risk notice for a Linux kernel privilege escalation vulnerability tracked as CVE-2022-34918. The flaw is a type confusion bug found in the Linux kernel's nft_set_elem_init. It was reported by security researcher Arthur Mongodin, whose successful exploitation of the bug leads to a Local Privilege Escalation (LPE) to the `root` user, as tested on Ubuntu Server 22.04 (Linux 5.15.0-39-generic). Mongodin has also named August 15th, 2022 as the potential date for public disclosure of a more detailed blog post and the exploit.
CVE-2022-34918 is a heap buffer overflow caused by a weak check introduced in the netfilter subsystem, and it can be exploited to achieve privilege escalation to root. It has been shown to allow local privilege escalation to root on Linux kernels since version 5.8 and is still present today.
The netfilter hooks are a framework inside the Linux kernel that allows kernel modules to register callback functions at different points in the Linux network stack. A registered callback is then invoked for every packet that traverses the corresponding hook. Connection tracking in the Linux kernel is implemented as a module in the Netfilter framework. Netfilter is a packet manipulation and filtering framework inside the kernel; it provides several hook points so that packet hooking, filtering and other processing can be performed there.
The fix is in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Linux kernel maintainers have officially issued security patches. Users are advised to update Linux servers immediately and to apply the patches for other distributions as soon as they become available.
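To make the weak-check failure mode concrete, here is an added userland model written for this page; it is neither the kernel's code nor the article's. A set declares the type and byte length of its element data, the weak check skips the length comparison for one data type, and the strict check requires both type and length to match before any data is copied. The structure names, type tags and byte sizes are constructed for the model and are not transcribed from the kernel source.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed tags for the two element data types (not the kernel's values). */
enum { NFT_DATA_VALUE = 0, NFT_DATA_VERDICT = 1 };

/* The set declaration: its elements get exactly dlen bytes of data storage. */
struct set_decl { uint32_t dtype; uint32_t dlen; };

/* What parsing the caller-supplied element data yields: a type and a length. */
struct data_desc { uint32_t type; uint32_t len; };

typedef bool (*check_fn)(const struct set_decl *, const struct data_desc *);
/* Weak check (modelled, not transcribed): the length is only compared with the
 * set's dlen for value data, so verdict-typed data of any length is accepted. */
static bool weak_check(const struct set_decl *set, const struct data_desc *d) {
    return d->type == NFT_DATA_VERDICT || d->len == set->dlen;
}

/* Strict check: both the type and the length must match the set declaration,
 * so the copy in element_init() can never exceed the element's allocation. */
static bool strict_check(const struct set_decl *set, const struct data_desc *d) {
    return d->type == set->dtype && d->len == set->dlen;
}

/* Models element initialisation copying data into an element sized by dlen.
 * Returns -1 when the check rejects the data (EINVAL in the kernel), otherwise
 * how many bytes would land past the element; the copy is clamped to stay safe. */
static long element_init(const struct set_decl *set, const struct data_desc *d,
                         check_fn check, unsigned char *elem, size_t elem_size) {
    if (!check(set, d))
        return -1;
    size_t n = d->len < elem_size ? d->len : elem_size;
    memset(elem, 0xAA, n);                 /* stands in for the real data copy */
    return d->len > set->dlen ? (long)(d->len - set->dlen) : 0;
}

int main(void) {
    struct set_decl set = { NFT_DATA_VALUE, 4 };         /* 4-byte value elements */
    struct data_desc verdict = { NFT_DATA_VERDICT, 16 }; /* constructed 16-byte verdict */
    unsigned char elem[4];
    printf("weak check: %ld bytes past the element\n",
           element_init(&set, &verdict, weak_check, elem, sizeof elem));
    printf("strict check: %ld (-1 = rejected)\n",
           element_init(&set, &verdict, strict_check, elem, sizeof elem));
    return 0;
}
```

Running it shows the weak check accepting the oversized verdict data (12 bytes past a 4-byte element) while the strict check rejects it outright.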