CVE-2022-36946

HIGH

Linux Kernel 2.6.14-5.18.14 - Denial of Service via Negative skb->len in nfqnl_mangle

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-36946. PoCs published by Pwnzer0tt1, Satheesh575555.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2022-36946, a kernel panic vulnerability in the Linux netfilter module triggered by sending an nf_queue verdict with a 0-byte nfta_payload attribute. The exploit includes multiple variants (root, rootless, and Podman) and leverages user namespaces to achieve privilege escalation without root access.

Description

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Exploits (3)

nomisec WORKING POC 22 stars
by Pwnzer0tt1 · poc
https://github.com/Pwnzer0tt1/CVE-2022-36946

This repository contains functional exploit code for CVE-2022-36946, a kernel panic vulnerability in the Linux netfilter module triggered by sending an nf_queue verdict with a 0-byte nfta_payload attribute. The exploit includes multiple variants (root, rootless, and Podman) and leverages user namespaces to achieve privilege escalation without root access.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel (netfilter/nfnetlink_queue) < 5.19
No auth needed
Prerequisites: Vulnerable Linux kernel · CAP_NET_ADMIN capability (or user namespace with unprivileged_userns_clone enabled)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec STUB 1 stars
by Satheesh575555 · poc
https://github.com/Satheesh575555/linux-4.19.72_CVE-2022-36946

The repository contains only documentation files and build scripts from the Linux kernel, with no actual exploit code or technical analysis related to CVE-2022-36946. It appears to be a partial or mislabeled kernel source dump.

Classification
Stub 90%
Attack Type
Other
Complexity
N/a
Reliability
Theoretical
Target: Linux kernel (version unclear)
No auth needed
Prerequisites: N/A
devstral-2 · analyzed Feb 18, 2026 Full analysis →
gitlab STUB
by Satheesh575555 · poc
https://gitlab.com/Satheesh575555/linux-4-19-72_CVE-2022-36946

The repository contains only documentation files and build scripts from a Linux kernel tree, with no actual exploit code or technical analysis related to CVE-2022-36946.

Classification
Stub 90%
Attack Type
Other
Complexity
N/a
Reliability
Theoretical
Target: Linux kernel (version unclear)
No auth needed
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 7.5
EPSS 0.0556
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

Status published
Products (8)
debian/debian_linux 10.0
debian/debian_linux 11.0
linux/linux_kernel 2.6.14 - 4.9.326
netapp/active_iq_unified_manager
netapp/hci_compute_node
netapp/solidfire_\&_hci_management_node
netapp/solidfire_\&_hci_storage_node
netapp/solidfire_enterprise_sds
Published Jul 27, 2022
Tracked Since Feb 18, 2026