{"id":"CVE-2022-32250","details":"net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.","modified":"2026-03-15T22:45:13.190433Z","published":"2022-06-02T21:15:07.973Z","related":["ALSA-2022:5819","ALSA-2022:5834","SUSE-SU-2022:2172-1","SUSE-SU-2022:2177-1","SUSE-SU-2022:2214-1","SUSE-SU-2022:2216-1","SUSE-SU-2022:2230-1","SUSE-SU-2022:2239-1","SUSE-SU-2022:2245-1","SUSE-SU-2022:2262-1","SUSE-SU-2022:2268-1","SUSE-SU-2022:2722-1","SUSE-SU-2022:2741-1","SUSE-SU-2022:2875-1","SUSE-SU-2022:2875-2","SUSE-SU-2022:3293-1","SUSE-SU-2022:3450-1","SUSE-SU-2022:4617-1","openSUSE-SU-2022:2177-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/06/20/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/07/03/6"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220715-0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5161"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/07/03/5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/09/02/9"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5173"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092427"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2022/06/03/1"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2022/05/31/1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2022/06/04/1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2022/08/25/1"},{"type":"EVIDENCE","url":"https://github.com/theori-io/CVE-2022-32250-exploit"},{"type":"EVIDENCE","url":"https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.1"},{"fixed":"4.9.318"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.283"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.247"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.198"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.120"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.45"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.17.13"}]},{"events":[{"introduced":"5.18"},{"fixed":"5.18.2"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32250.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}