Download page ISN 2022-05: Netfilter Escalation of Privilege.
ISN 2022-05: Netfilter Escalation of Privilege
First published 14th March 2022
CVSS 3.1 Base Score: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been found in the Netfilter component in the Linux kernel. This affects the following IGEL products:
IGEL OS 11
Details
An out-of-bounds (OOB) memory access flaw has been found in the Netfilter code of the Linux kernel (CVE-2022-25636). This can enable an unprivileged local user to escalate their privileges or crash the system.
Update Instructions
IGEL OS 11: Update to IGEL OS 11.07.100 (to be released on March 29th)
Mitigation
This issue can be mitigated by not giving users access to a terminal/virtual console on IGEL OS, which they could use to configure and run the exploit code:
Remove an existing local terminal session:
In IGEL Setup, go to Accessories > Terminals.
Select a local terminal session you want to delete.
Click the trash icon to remove the selected session.
When prompted, confirm that you want to delete the session.
Click Apply.
Or password-protect the local terminal with the Administrator password:
Find the local terminal session under Accessories > Terminals.