The issue was discovered by David Herrmann.

CVE-2018-17144: A pipe redirection flaw was found in the way nf_tables_sync() handled redirecting pipes. A user with the ability to create/remove network namespaces could potentially use this flaw to bypass intended network access restrictions. This issue has been resolved by disabling network namespace creation/removal by default. As a workaround, the user can set the net.net_adm_network_ns sysctl to 0 to disable the feature completely.
To reduce the impact of this issue, the nft command has been updated to no longer allow user name/namespace creation when using the redirection feature. Note that user namespaces are still possible using the traditional method.
This issue does not occur when redirecting standard input or standard output.

CVE-2018-17142: An issue was discovered in the Linux kernel before version 5.18. There is a race condition in the close() operation between the inode being locked by the kernel and the device’s driver. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges.
The Common Vulnerabilities and Exposures project ID is CVE-2018-17142.

CVE-2018-17143: An issue was discovered in the Linux kernel through 5.18. An incorrect function dereference could cause an out-of term system

Mitigation steps for CVE-2018-17141

This issue does not occur when redirecting standard input or standard output.

How to fix nft command not working after updating


Timeline

Published on: 06/02/2022 21:15:00 UTC
Last modified on: 08/25/2022 17:15:00 UTC
