A bug in the Linux kernel's firewall code allows users to execute commands as root. Administrators can apply a workaround.
Exploit code for nftables bug
The exploit can be used successfully to gain root access on a system running Ubuntu 22.04, the security researcher explains. However, we could not confirm this in our own tests.
The bug apparently received two CVE IDs due to a misunderstanding, namely CVE-2022-1966 and CVE-2022-32250. The ID CVE-2022-1966, originally assigned by Red Hat, has prevailed. The severity of the vulnerability in the form of a CVSS score has not yet been determined, but the maintainers at Ubuntu and Red Hat rate it as "high".
The developers of the Linux kernel have already fixed the bug in the source code, but no distribution had published update packages at the time of reporting. Administrators of multi-user systems should act now to prevent attacks by malicious users. The following commands take away users' ability to create nftables namespaces, which should close the security gap. However, the authors at Ubuntu write nothing in their security report:
$ sudo sysctl -w kernel.unprivileged_userns_clone=0
$ echo kernel.unprivileged_userns_clone=0 | sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Since most systems have such configuration files, this should also work there. Administrators should check whether the file /etc/sysctl.d/99-disable-unpriv-userns.conf already exists and, if necessary, adapt the line in it.
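
One way to check that the workaround above is active now and will survive a reboot, as an added example that is not part of the article or of Ubuntu's security report. The function names are hypothetical, the sample files in demo are constructed, and only a single sysctl.d directory is scanned (a simplification).

```shell
#!/bin/sh
# Added example: audit the kernel.unprivileged_userns_clone workaround.
KEY=kernel.unprivileged_userns_clone

# Value set by the last assignment of $KEY in DIR/*.conf ("unset" if none).
# Files are read in lexical order, so a later file overrides an earlier one.
persisted_value() (
    LC_ALL=C                     # byte-wise glob order, independent of locale
    val=unset
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk -v key="$KEY" '
            { sub(/[#;].*/, ""); gsub(/[ \t]/, "") }   # drop comments, blanks
            index($0, key "=") == 1 { v = substr($0, length(key) + 2) }
            END { print v }' "$f")
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
)

# Running value below the given proc root; "absent" if the kernel lacks the key.
runtime_value() {
    f=$1/sys/kernel/unprivileged_userns_clone
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# $1 = proc root, $2 = sysctl.d directory
workaround_status() {
    case "$(runtime_value "$1")/$(persisted_value "$2")" in
        absent/*) echo sysctl-absent ;;   # this kernel has no such sysctl
        0/0)      echo ok ;;              # active now and after reboot
        0/*)      echo not-persistent ;;  # active now, lost at next boot
        *)        echo not-applied ;;     # running value is not 0
    esac
}

# Constructed fixture: the workaround file plus a later file that undoes it.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/proc/sys/kernel" "$root/sysctl.d"
    echo 0 > "$root/proc/sys/kernel/unprivileged_userns_clone"
    echo "$KEY = 0" > "$root/sysctl.d/99-disable-unpriv-userns.conf"
    echo "$KEY=1" > "$root/sysctl.d/99-zz-local.conf"
    workaround_status "$root/proc" "$root/sysctl.d"
    rm -rf "$root"
}
demo
```

On a real system, the call is workaround_status /proc /etc/sysctl.d.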