ZDI 2026-03-16

ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability

CVE-2022-1972

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires local access and low-privileged code execution to exploit. It involves an out-of-bounds write in the nf_tables_newset component.

Context

This vulnerability affects the Linux Kernel's nf_tables_newset component. The advisory describes an out-of-bounds write information disclosure vulnerability. The ZDI assigned a CVSS rating of 3.8 and notes that exploitation requires local access with low-privileged code execution.

Operator considerations

The source does not provide enough basis for specific operator guidance beyond standard local privilege separation practices.

From Zero Day Initiative ↗

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.8. The following CVEs are assigned: CVE-2022-1972.

Read the full advisory on ZDI →