cve/2022/CVE-2022-34918.md

### [CVE-2022-34918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

### POC

#### Reference
- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html
- http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html
- http://www.openwall.com/lists/oss-security/2022/07/05/1
- https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u
- https://www.openwall.com/lists/oss-security/2022/07/02/3
- https://www.randorisec.fr/crack-linux-firewall/

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/HaxorSecInfec/autoroot.sh
- https://github.com/IdanBanani/ELF-Injection-Shellcode-Bridgehead
- https://github.com/IdanBanani/ELF-Processs-Injection-Linux-Android
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
- https://github.com/Ly0nt4r/OSCP
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/Sechack06/CVE-2022-34918
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE
- https://github.com/WhooAmii/POC_to_review
- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits
- https://github.com/bsauce/kernel-exploit-factory
- https://github.com/bsauce/kernel-security-learning
- https://github.com/dkb4rb/KernelExploiting
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/exfilt/CheatSheet
- https://github.com/felixfu59/kernel-hack
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/klemakle/audit-pentest-BOX
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/lanleft/CVE-2023-1829
- https://github.com/lanleft/CVE2023-1829
- https://github.com/linulinu/CVE-2022-34918
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/manas3c/CVE-POC
- https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC
- https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC
- https://github.com/ndk06/linux-kernel-exploitation
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/purplewall1206/ERA-eBPF-assisted-Randomize-Allocator
- https://github.com/randorisec/CVE-2022-34918-LPE-PoC
- https://github.com/revanmalang/OSCP
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tr3ss/gofetch
- https://github.com/trhacknon/CVE-2022-34918-LPE-PoC
- https://github.com/trhacknon/Pocingit
- https://github.com/txuswashere/OSCP
- https://github.com/veritas501/CVE-2022-34918
- https://github.com/whoforget/CVE-POC
- https://github.com/wkhnh06/linux-kernel-exploitation
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-34918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html`
			`- http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html`
			`- http://www.openwall.com/lists/oss-security/2022/07/05/1`
			`- https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u`
			`- https://www.openwall.com/lists/oss-security/2022/07/02/3`
			`- https://www.randorisec.fr/crack-linux-firewall/`

			`#### Github`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/0xMarcio/cve`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/0xStrygwyr/OSCP-Guide`
			`- https://github.com/0xZipp0/OSCP`
			`- https://github.com/0xsyr0/OSCP`
			`- https://github.com/20142995/sectool`
			`- https://github.com/ARPSyndicate/cvemon`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/HaxorSecInfec/autoroot.sh`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/IdanBanani/ELF-Injection-Shellcode-Bridgehead`
Update CVE sources 2024-08-07 19:02 2024-08-07 19:02:05 +00:00			`- https://github.com/IdanBanani/ELF-Processs-Injection-Linux-Android`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits`
			`- https://github.com/Ly0nt4r/OSCP`
			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/NaInSec/CVE-PoC-in-GitHub`
			`- https://github.com/SYRTI/POC_to_review`
			`- https://github.com/Sechack06/CVE-2022-34918`
Update CVE sources 2024-08-05 18:41 2024-08-05 18:41:32 +00:00			`- https://github.com/SenukDias/OSCP_cheat`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/SirElmard/ethical_hacking`
			`- https://github.com/Snoopy-Sec/Localroot-ALL-CVE`
			`- https://github.com/WhooAmii/POC_to_review`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/bsauce/kernel-exploit-factory`
			`- https://github.com/bsauce/kernel-security-learning`
			`- https://github.com/dkb4rb/KernelExploiting`
			`- https://github.com/e-hakson/OSCP`
			`- https://github.com/eljosep/OSCP-Guide`
Update CVE sources 2024-08-22 18:33 2024-08-22 18:33:16 +00:00			`- https://github.com/exfilt/CheatSheet`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/felixfu59/kernel-hack`
			`- https://github.com/k0mi-tg/CVE-POC`
			`- https://github.com/kdn111/linux-kernel-exploitation`
			`- https://github.com/kgwanjala/oscp-cheatsheet`
			`- https://github.com/khanhdn111/linux-kernel-exploitation`
			`- https://github.com/khanhdz-06/linux-kernel-exploitation`
			`- https://github.com/khanhdz191/linux-kernel-exploitation`
			`- https://github.com/khanhhdz/linux-kernel-exploitation`
			`- https://github.com/khanhhdz06/linux-kernel-exploitation`
			`- https://github.com/khanhnd123/linux-kernel-exploitation`
			`- https://github.com/klemakle/audit-pentest-BOX`
			`- https://github.com/knd06/linux-kernel-exploitation`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/lanleft/CVE-2023-1829`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/lanleft/CVE2023-1829`
			`- https://github.com/linulinu/CVE-2022-34918`
			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/manas3c/CVE-POC`
			`- https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC`
			`- https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC`
Update CVE sources 2024-08-11 18:44 2024-08-11 18:44:53 +00:00			`- https://github.com/ndk06/linux-kernel-exploitation`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/ndk191/linux-kernel-exploitation`
			`- https://github.com/nitishbadole/oscp-note-3`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/oscpname/OSCP_cheat`
Update CVE sources 2024-08-22 18:33 2024-08-22 18:33:16 +00:00			`- https://github.com/parth45/cheatsheet`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/purplewall1206/ERA-eBPF-assisted-Randomize-Allocator`
			`- https://github.com/randorisec/CVE-2022-34918-LPE-PoC`
			`- https://github.com/revanmalang/OSCP`
			`- https://github.com/ssr-111/linux-kernel-exploitation`
			`- https://github.com/taielab/awesome-hacking-lists`
			`- https://github.com/tr3ss/gofetch`
			`- https://github.com/trhacknon/CVE-2022-34918-LPE-PoC`
			`- https://github.com/trhacknon/Pocingit`
			`- https://github.com/txuswashere/OSCP`
			`- https://github.com/veritas501/CVE-2022-34918`
			`- https://github.com/whoforget/CVE-POC`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/wkhnh06/linux-kernel-exploitation`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/xairy/linux-kernel-exploitation`
			`- https://github.com/xhref/OSCP`
			`- https://github.com/xuetusummer/Penetration_Testing_POC`
			`- https://github.com/youwizard/CVE-POC`
			`- https://github.com/zecool/cve`