Rewterz Threat Advisory – CVE-2022-25636 – Linux Kernel Vulnerability

Rewterz Threat Advisory – Multiple IBM Sterling Secure Proxy Vulnerabilities

February 24, 2022

Rewterz Threat Advisory – CVE-2022-0721 – Cisco FXOS and Cisco NX-OS Vulnerability

February 24, 2022

Rewterz Threat Advisory – CVE-2022-25636 – Linux Kernel Vulnerability

Severity

High

Analysis Summary

CVE-2022-25636

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write in the nft_fwd_dup_netdev_offload function in nf_dup_netdev.c. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

Privilege Escalation

Indicators of Compromise

CVE

CVE-2022-25636

Affected Vendors

Linux

Affected Products

Linux Kernel 5.4
Linux Kernel 5.5
Linux Kernel 5.6.0
Linux Kernel 5.7.0

Remediation

Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.

https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6

Rewterz Threat Advisory – Multiple IBM Sterling Secure Proxy Vulnerabilities

Rewterz Threat Advisory – CVE-2022-0721 – Cisco FXOS and Cisco NX-OS Vulnerability

Rewterz Threat Advisory – CVE-2022-25636 – Linux Kernel Vulnerability

Severity

Analysis Summary

CVE-2022-25636

Impact

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan