CVE-2022-1966

Public on 2022-06-06
Modified on 2024-03-01
Description

A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.

Severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2022-06-30 23:38 ALAS-2022-1604
Amazon Linux 2 - Core kernel 2022-07-06 03:13 ALAS2-2022-1813
Amazon Linux 2 - Kernel-5.10 Extra kernel 2022-06-30 22:29 ALAS2KERNEL-5.10-2022-015
Amazon Linux 2 - Kernel-5.15 Extra kernel 2022-06-30 22:29 ALAS2KERNEL-5.15-2022-002
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-06-30 22:29 ALAS2KERNEL-5.4-2022-028
Amazon Linux 2023 kernel 2023-02-17 20:46 ALAS2023-2023-070
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.109-104.500 2022-06-30 22:29 ALAS2LIVEPATCH-2022-079
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.109-104.500 2022-07-11 14:43 ALAS2LIVEPATCH-2022-082
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.109-104.500 2022-07-19 16:02 ALAS2LIVEPATCH-2022-085
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.112-108.499 2022-07-19 16:02 ALAS2LIVEPATCH-2022-084
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.112-108.499 2022-07-11 14:43 ALAS2LIVEPATCH-2022-081
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.112-108.499 2022-06-30 22:29 ALAS2LIVEPATCH-2022-078
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.118-111.515 2022-07-11 14:43 ALAS2LIVEPATCH-2022-083
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.118-111.515 2022-06-30 22:29 ALAS2LIVEPATCH-2022-080
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.118-111.515 2022-07-19 16:02 ALAS2LIVEPATCH-2022-086

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H