Bug 1200494 - VUL-0: CVE-2022-1966: kernel: netfilter: nf_tables: incorrect NFT_STATEFUL_EXPR check leads to a use-after-free (write)
VUL-0: CVE-2022-1966: kernel: netfilter: nf_tables: incorrect NFT_STATEFUL_EX...
Status: RESOLVED DUPLICATE of bug 1200015
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/333630/
CVSSv3.1:SUSE:CVE-2022-32250:7.8:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-06-13 12:19 UTC by Alexander Bergmann
Modified: 2022-08-09 16:28 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Alexander Bergmann 2022-06-13 12:21:39 UTC
This bug was only opened for reference.

The issue is actually tracked in:

bsc#1200015 VUL-0: CVE-2022-1966: kernel: use-after-free in the netfilter subsys

*** This bug has been marked as a duplicate of bug 1200015 ***
Comment 2 Carlos López 2022-06-22 08:32:48 UTC
(In reply to Alexander Bergmann from comment #1)
> This bug was only opened for reference.
> 
> The issue is actually tracked in:
> 
> bsc#1200015 VUL-0: CVE-2022-1966: kernel: use-after-free in the netfilter
> subsys
> 
> *** This bug has been marked as a duplicate of bug 1200015 ***

FTR: CVE-2022-32250 is now the valid CVE, so this bug will become CVE-2022-1966. bnc#1200015 is now CVE-2022-32250.
Comment 3 Swamp Workflow Management 2022-06-24 13:19:18 UTC
SUSE-SU-2022:2172-1: An update that solves 7 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 1177282,1184924,1198924,1199365,1199482,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200343,1200494,1200529,1200604
CVE References: CVE-2020-26541,CVE-2022-1012,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-20141,CVE-2022-32250
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.62.1, kernel-source-azure-5.3.18-150300.38.62.1, kernel-syms-azure-5.3.18-150300.38.62.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.62.1, kernel-source-azure-5.3.18-150300.38.62.1, kernel-syms-azure-5.3.18-150300.38.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2022-08-09 16:28:18 UTC
SUSE-SU-2022:2722-1: An update that solves 5 vulnerabilities, contains 9 features and has 31 fixes is now available.

Category: security (important)
Bug References: 1190256,1190497,1198410,1198829,1199086,1199291,1199364,1199665,1199670,1200015,1200465,1200494,1200644,1200651,1201258,1201323,1201381,1201391,1201427,1201458,1201471,1201524,1201592,1201593,1201595,1201596,1201635,1201651,1201675,1201691,1201705,1201725,1201846,1201930,1201954,1201958
CVE References: CVE-2021-33655,CVE-2022-1462,CVE-2022-21505,CVE-2022-29581,CVE-2022-32250
JIRA References: SLE-18130,SLE-20183,SLE-21132,SLE-24569,SLE-24570,SLE-24571,SLE-24578,SLE-24635,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.10.1, kernel-source-azure-5.14.21-150400.14.10.1, kernel-syms-azure-5.14.21-150400.14.10.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.10.1, kernel-source-azure-5.14.21-150400.14.10.1, kernel-syms-azure-5.14.21-150400.14.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.