Two security researchers, Domingo Dirutigliano and Nicola Guerrera, have discovered that the Linux kernel is affected by a potentially serious vulnerability that a remote attacker can exploit to launch denial-of-service (DoS) attacks.
Tracked as CVE-2022-36946, the flaw lies in nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel and could affect many devices, including servers and Android devices. Major distributors of the open source Linux OS, including Debian, Ubuntu, and SUSE, have warned in security updates that the vulnerability may lead to a denial-of-service attack.
“nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len,” according to the MITRE website.
Today, GitHub user @Pwnzer0tt1 shared a PoC for CVE-2022-36946 together with a detailed description of the technique: “The kernel panics when sending nf_queue verdict with 1-byte nfta_payload attribute.”
“This happens because the IP/IPv6 stack pulls the IP(v6) header from the packet after the input hook. So, if the user truncates the packet below the header size, this skb_pull() will result in a malformed skb resulting in a panic.”
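To make the length arithmetic behind this bug concrete, here is an added userspace model (constructed for this article, not kernel code) of the two steps the quote describes: the verdict trimming the packet to the attribute's length, and the IP stack then pulling the network header. The "checked" variant applies the kind of lower bound the upstream fix introduced, rejecting a payload shorter than the transport header offset; the struct fields, function names and the 60-byte sample packet are all simplifications assumed here.

```c
#include <stdio.h>
/* Constructed model of nfqnl_mangle's length handling and the IP stack's
 * post-hook header pull. Not kernel code: the struct and helpers are
 * simplified stand-ins for sk_buff, skb_trim and skb_pull. */
struct skb_model {
    unsigned int len;              /* bytes currently in the packet */
    unsigned int transport_offset; /* start of the L4 header (IP header size) */
};
/* Vulnerable shape: trim the packet to whatever length the verdict carries. */
static int mangle_unchecked(struct skb_model *skb, unsigned int data_len)
{
    if (data_len < skb->len)
        skb->len = data_len;       /* skb_trim equivalent */
    return 0;
}
/* Hardened shape: refuse a payload shorter than the transport header offset,
 * so the pull that follows the hook can never drop below zero. */
static int mangle_checked(struct skb_model *skb, unsigned int data_len)
{
    if (data_len < skb->transport_offset)
        return -1;                 /* -EINVAL in the kernel */
    return mangle_unchecked(skb, data_len);
}
/* The post-hook pull of the network header. Returns -1 when the remaining
 * length would be negative, the state that panics the real kernel. */
static int pull_network_header(struct skb_model *skb)
{
    int remaining = (int)skb->len - (int)skb->transport_offset;
    if (remaining < 0)
        return -1;
    skb->len = (unsigned int)remaining;
    return 0;
}
/* Run one verdict through the model. Returns 0 for a sane packet,
 * 1 when the hardened check rejected the verdict, -1 for the panic state. */
int simulate_verdict(int hardened, unsigned int data_len)
{
    /* constructed IPv4 packet: 20-byte header, 60 bytes total */
    struct skb_model skb = { .len = 60, .transport_offset = 20 };
    int rc = hardened ? mangle_checked(&skb, data_len)
                      : mangle_unchecked(&skb, data_len);
    if (rc < 0)
        return 1;
    return pull_network_header(&skb);
}
int main(void)
{
    printf("unchecked, 1-byte payload: %d\n", simulate_verdict(0, 1)); /* -1 */
    printf("checked,   1-byte payload: %d\n", simulate_verdict(1, 1)); /*  1 */
    return 0;
}
```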
At present, Linux kernel maintainers have officially issued security patches. Users are advised to update Linux servers immediately and to apply the patches for other distributions as soon as they become available.