CVE-2022-36946

HIGH

Linux Kernel < 4.9.326 - Denial of Service

Title source: rule

Description

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Exploits (3)

nomisec WORKING POC 22 stars

by Pwnzer0tt1 · poc

https://github.com/Pwnzer0tt1/CVE-2022-36946

View Code ZIP pw:eip

nomisec STUB 1 stars

by Satheesh575555 · poc

https://github.com/Satheesh575555/linux-4.19.72_CVE-2022-36946

View Code ZIP pw:eip

gitlab STUB

by Satheesh575555 · poc

https://gitlab.com/Satheesh575555/linux-4-19-72_CVE-2022-36946

View Code ZIP pw:eip

References (6)

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

[Mailing List, Patch, Third Party Advisory] https://marc.info/?l=netfilter-devel&m=165883202007292&w=2

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220901-0007/

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5207

[Patch] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164

Scores

CVSS v3 7.5

EPSS 0.0508

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (8)

debian/debian_linux 10.0

debian/debian_linux 11.0

linux/linux_kernel 2.6.14 - 4.9.326

netapp/active_iq_unified_manager

netapp/hci_compute_node

netapp/solidfire_enterprise_sds

netapp/solidfire_\&_hci_management_node

netapp/solidfire_\&_hci_storage_node

Published Jul 27, 2022

Tracked Since Feb 18, 2026