{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39190", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T12:00:42.525Z", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-09-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://twitter.com/pr0Ln"}, {"url": "https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org/"}, {"url": "https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6"}, {"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.525Z"}, "title": "CVE Program Container", "references": [{"url": "https://twitter.com/pr0Ln", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org/", "tags": ["x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b", "tags": ["x_transferred"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E441584-F164-4965-A3FB-387CBF4C76F2", "versionEndExcluding": "5.19.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain."}, {"lang": "es", "value": "Se ha detectado un problema en el archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones anteriores a 5.19.6. Puede producirse una denegaci\u00f3n de servicio al vincularse a una cadena ya vinculada"}], "id": "CVE-2022-39190", "lastModified": "2023-11-07T03:50:20.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T05:15:07.737", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}, {"source": "cve@mitre.org", "url": "https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/pr0Ln"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:7933", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: nf_tables disallow binding to already bound chain", "id": "2129152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129152"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-392", "details": ["An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.", "A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-39190", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-08-21T22:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-39190\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39190\nhttps://lore.kernel.org/all/20220824220330.64283-12-pablo@netfilter.org/"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.0 rc3"}