Bug 1200522 - (CVE-2022-2078) VUL-0: CVE-2022-2078: kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse()
(CVE-2022-2078)
VUL-0: CVE-2022-2078: kernel: Vulnerability of buffer overflow in nft_set_des...
Status: RESOLVED DUPLICATE of bug 1200019
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/334420/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-06-14 12:44 UTC by Carlos López
Modified: 2022-06-14 12:45 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-06-14 12:44:52 UTC
rh#2096178

An attacker can trigger a buffer overflow of the Linux kernel, via nft_set_desc_concat_parse(), in order to trigger a denial of service, and possibly to run code.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2096178
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2078
Comment 1 Carlos López 2022-06-14 12:45:18 UTC
Duplicate.

*** This bug has been marked as a duplicate of bug 1200019 ***