CVE-2022-1015: 
Linux Kernel vulnerability analysis and mitigation

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. The vulnerability (CVE-2022-1015) was discovered in March 2022 and allows a local user to cause an out-of-bounds write issue. The vulnerability affects Linux kernel versions from 5.12 up to (excluding) 5.16.18, specifically impacting the netfilter subsystem (NVD, Ubuntu).

The vulnerability exists in the nft_validate_register_store and nft_validate_register_load routines, where the validation of user register indices is improperly handled. The issue stems from a compiler optimization where enum nft_registers reg is not guaranteed to be a single byte, allowing attackers to forge expression register values that can overflow upon multiplication with NFT_REG32_SIZE. The vulnerability has a CVSS v3.1 Base Score of 6.6 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H (NVD, OSS Security).

The vulnerability provides attackers with a powerful primitive that can be used to both read from and write to relative stack data, potentially leading to arbitrary code execution. It can be exploited to achieve local privilege escalation by overwriting stack return addresses with crafted nft_expr_payload (OSS Security).

The vulnerability was fixed in Linux kernel version 5.16.18 through commit 6e1acfa387b9 ("netfilter: nf_tables: validate registers coming from userspace"). For systems unable to patch, a workaround is available by disabling unprivileged user namespaces using the command: sysctl -w kernel.unprivileged_userns_clone=0 (Red Hat Bugzilla).