Local Information Disclosure in Linux Kernel nf_tables_newset (CVE‑2022‑1972) – Potential Privilege Escalation Risk
What It Is – A flaw in the Linux kernel’s nf_tables_newset handling allows a local attacker to write past the end of an allocated buffer, which can leak kernel memory. Although the vulnerability itself is classified as an information‑disclosure issue, it can be chained with other local bugs to achieve root‑level code execution.
Exploitability – The attack requires the attacker to already be running low‑privileged code on the target system. No public exploit has been released, and the low CVSS score of 3.8 (AV:L/AC:L/PR:L) reflects that the issue is local only, with limited remote impact.
Affected Products – All Linux distributions that ship the affected kernel version (kernel 5.10 and earlier) are vulnerable until patched.
TPRM Impact – Organizations that rely on Linux‑based infrastructure—cloud hosts, SaaS platforms, container orchestration services, and on‑premise data centers—face a supply‑chain risk. An attacker who compromises a single low‑privileged service could pivot to full system control, jeopardizing customer data and service continuity.
Recommended Actions –
- Deploy the latest kernel updates from your Linux distribution (e.g., Ubuntu security notice CVE‑2022‑2078).
- Verify kernel version on all production assets using automated inventory tools.
- Harden host configurations: restrict execution of untrusted code, employ SELinux/AppArmor, and enforce least‑privilege principles.
- Monitor for anomalous kernel‑level activity and integrate alerts for unexpected nft_* system calls.
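A host‑side check for the "verify kernel version" step above, added here as an example and not taken from the advisory or from any vendor tool. It assumes you pass the fixed kernel version from your distribution's own advisory as the first argument (the default `0.0.0` is a placeholder that never flags a host); it also reports whether nf_tables is active and, on Debian/Ubuntu‑style kernels, the unprivileged user namespace sysctl, because nf_tables is normally reachable only with CAP_NET_ADMIN and restricting unprivileged user namespaces is a common hardening control that keeps it out of reach of unprivileged local code.

```shell
#!/bin/sh
# Added example (not from the advisory). Usage: ./check.sh <fixed-kernel-version>
# The fixed version is an assumption supplied by the operator from their distro's
# advisory; 0.0.0 is only a placeholder and never marks a host as vulnerable.

# Normalise "5.15.0-91-generic" -> "5.15.0"; pad missing fields with 0.
kver_norm() {
    v=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    maj=${v%%.*}; v2=${v#*.}
    [ "$v2" = "$v" ] && v2=0
    min=${v2%%.*}; v3=${v2#*.}
    [ "$v3" = "$v2" ] && v3=0
    pat=${v3%%.*}
    printf '%s.%s.%s\n' "${maj:-0}" "${min:-0}" "${pat:-0}"
}

# Numeric compare of two kernel versions: exit 0 when $1 is older than $2.
kver_lt() {
    a=$(kver_norm "$1"); b=$(kver_norm "$2")
    a1=${a%%.*}; a=${a#*.}; a2=${a%%.*}; a3=${a#*.}
    b1=${b%%.*}; b=${b#*.}; b2=${b%%.*}; b3=${b#*.}
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# Report this host's status; returns 1 when the running kernel predates the fix.
check_host() {
    fixed=${1:-0.0.0}
    running=$(uname -r)
    rc=0
    if kver_lt "$running" "$fixed"; then
        echo "VULNERABLE: kernel $running predates fixed version $fixed"; rc=1
    else
        echo "OK: kernel $running is at or above $fixed"
    fi
    # nf_tables is the affected subsystem; note whether it is loaded or built in.
    if grep -q '^nf_tables ' /proc/modules 2>/dev/null || [ -d /sys/module/nf_tables ]; then
        echo "NOTE: nf_tables is active on this host"
    fi
    # Debian/Ubuntu sysctl controlling unprivileged user namespaces (reported if present).
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ]; then
        echo "NOTE: kernel.unprivileged_userns_clone=$(cat /proc/sys/kernel/unprivileged_userns_clone)"
    fi
    return $rc
}

check_host "$@"
```

Run it from your inventory tooling with the fixed version your distribution names and treat a non‑zero exit as an unpatched asset.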