
ISN 2022-05: Netfilter Escalation of Privilege

First published 14th March 2022

CVSS 3.1 Base Score: 7.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability has been found in the Netfilter component in the Linux kernel. This affects the following IGEL products:

  • IGEL OS 11

Details

An out-of-bounds (OOB) memory access flaw has been found in the Netfilter code of the Linux kernel (CVE-2022-25636). This can enable an unprivileged local user to escalate their privileges or crash the system.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.07.100 (to be released on March 29th)

Mitigation

This issue can be mitigated by not giving users access to a terminal/virtual console on IGEL OS, which they could use to configure and run the exploit code:

Remove an existing local terminal session:

  1. In IGEL Setup, go to Accessories > Terminals.

  2. Select a local terminal session you want to delete.

  3. Click the trash icon to remove the selected session.

  4. When prompted, confirm that you want to delete the session.

  5. Click Apply.

Or password-protect the local terminal with the Administrator password:

  1. Find the local terminal session under Accessories > Terminals.

  2. Follow the instructions under IGEL OS PUBLIC > Versions of IGEL OS > (11.09-en) IGEL OS > (11.09-en) IGEL OS Articles > (11.09-en) Security > (11.09-en) Security IGEL OS Endpoints > (11.09-en) Setting Passwords > (11.09-en) Password-Protecting Sessions and Accessories.

Disable virtual console access:

  1. In IGEL Setup, go to User Interface > Display > Access Control.

  2. Activate Disable console switching (Default: Console switching enabled).

  3. Click Apply.

References
