This is CVE-2022-1966.

** Information type changed from Private Security to Public Security

** Summary changed:

- upcoming update
+ netfilter newset stateless expression UAF

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1966

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux (Ubuntu)
       Status: New => Fix Released

** Changed in: linux (Ubuntu)
   Importance: Undecided => Critical

** Description changed:

- placeholder
+ [Impact]
+ An unprivileged user could exploit a use-after-free vulnerability on nftables by using network namespaces.
+
+ [Test case]
+ Test PoC at https://seclists.org/oss-sec/2022/q2/159.
+
+ [Potential regression]
+ nftables users could be affected.

https://bugs.launchpad.net/bugs/1976127

Title:
  netfilter newset stateless expression UAF

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Impact]
  An unprivileged user could exploit a use-after-free vulnerability on nftables by using network namespaces.

  [Test case]
  Test PoC at https://seclists.org/oss-sec/2022/q2/159.

  [Potential regression]
  nftables users could be affected.