{ "schema_version": "1.4.0", "id": "GHSA-jr8j-2jhp-m67v", "modified": "2022-09-16T17:17:56Z", "published": "2022-09-16T17:17:56Z", "aliases": [], "summary": "nftables binding to an already bound chain", "details": "### Impact\nAn issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain.\n\nAffected by this vulnerability is the function nft_verdict_init of the file net/netfilter/nf_tables_api.c. The manipulation with an unknown input leads to a denial of service vulnerability. The program does not release or incorrectly releases a resource before it is made available for re-use.\n\n### Patches\nThe fix has been backported to [5.15.64](https://www.linuxkernelcves.com/cves/CVE-2022-39190) version of the upstream Linux kernel (5.15 is the upstream Kernel long term version Talos ships with). Talos >= v1.2.0 is shipped with Linux Kernel 5.15.64 fixing the above issue.\n\n### Workarounds\nIt's recommended to upgrade\n\n### References\n- https://www.sesin.at/2022/09/02/cve-2022-39190-linux-kernel-up-to-5-19-5-nf_tables_api-c-nft_verdict_init-denial-of-service/\n- https://nvd.nist.gov/vuln/detail/CVE-2022-39190\n\n### For more information\n- Email us at [security@siderolabs.com](mailto:security@siderolabs.com)", "severity": [], "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/siderolabs/talos" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.2.0" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/siderolabs/talos/security/advisories/GHSA-jr8j-2jhp-m67v" }, { "type": "PACKAGE", "url": "https://github.com/siderolabs/talos" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-09-16T17:17:56Z", "nvd_published_at": null } }