{"vulnerability": "CVE-2022-25636", "sightings": [{"uuid": "2a1d9cf4-acfd-4849-8a73-077c96c269f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "seen", "source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"}, {"uuid": "7a79f8ce-bfa9-4e2b-b00e-1670b4a363fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1427", "content": "kernel-linux-factory\n*\n\u0423\u0434\u043e\u0431\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443, \u0433\u043b\u044f\u043d\u0443\u043b \u043a\u0430\u043a\u043e\u0435 \u044f\u0434\u0440\u043e, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b \u0441\u043f\u043b\u043e\u0435\u0442, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043f\u043e \u043c\u043e\u0440\u0434\u0435 #root\n*\n\u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 exploits \u0434\u043b\u044f:\nCVE-2016-9793\n4-20-BPF-integer\nCVE-2017-5123\nCVE-2017-6074\nCVE-2017-7308\nCVE-2017-8890\nCVE-2017-11176\nCVE-2017-16995\nCVE-2017-1000112\nCVE-2018-5333\nCVE-2019-9213 & CVE-2019-8956\nCVE-2019-15666\nCVE-2020-8835\nCVE-2020-27194\nCVE-2021-3156\nCVE-2021-31440\nCVE-2021-3490\nCVE-2021-22555\nCVE-2021-41073\nCVE-2021-4154\nCVE-2021-42008\nCVE-2021-43267\nCVE-2022-0185\nCVE-2022-0847\nCVE-2022-0995\nCVE-2022-1015\nCVE-2022-2588\nCVE-2022-2639\nCVE-2022-25636\nCVE-2022-27666\nCVE-2022-32250\nCVE-2022-34918\n\ndownload\n\n#linux #exploits #kernel", "creation_timestamp": "2023-03-23T06:30:43.000000Z"}, {"uuid": "655b4083-4344-4c5c-9c3f-ced24837511f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/721", "content": "LPE exploit for CVE-2022-25636 \n* \u0414\u044b\u0440\u043a\u0430 \u043c\u043e\u0434\u0443\u043b\u0435 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 Netfilter \u0432 \u044f\u0434\u0440\u0435 Linux\n* \u0417\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u044f\u0434\u0440\u0430 Linux \u0441 5.4 \u043f\u043e 5.6.10\n* \u0441\u043f\u043b\u043e\u0438\u0442 \u0442\u0430\u043a\u043e\u0439 \u0447\u0442\u043e \u043b\u0438\u0431\u043e root \u043b\u0438\u0431\u043e DOS\n* \u041f\u043e\u043b\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0442\u0443\u0442\n* \u0441\u043f\u043b\u043e\u0438\u0442 \u0442\u0443\u0442\n#exploit #lpe #linux", "creation_timestamp": "2022-03-17T11:22:49.000000Z"}, {"uuid": "21007492-70fc-4ef1-9b20-f93a212a4872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "seen", "source": "Telegram/bdFtpM6QWdKBtuuaZtZwEAiOnlidaCJZStFoISkoiZlk77g", "content": "", "creation_timestamp": "2022-03-16T07:33:58.000000Z"}, {"uuid": "cd3ecf8c-9c5b-408d-a542-217edc69b8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1790", "content": "#exploit\n1. CVE-2022-22005:\nMicrosoft Sharepoint RCE\nhttps://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE\n\n2. CVE-2022-25636:\nnet/netfilter/nf_dup_netdev.c in the Linux kernel <5.6.10 allows local users to gain privileges because of a heap out-of-bounds write\nhttps://github.com/Bonfee/CVE-2022-25636\n\n@BlueRedTeam", "creation_timestamp": "2022-03-09T10:01:49.000000Z"}, {"uuid": "af0a0c50-79a2-417f-afe4-aa04751a8f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1801", "content": "#exploit\n1. Oracle Access Manager Pre-Auth RCE Analysis (CVE-2021-35587)\nhttps://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316\n2. The Discovery and Exploitation of CVE-2022-25636\nhttps://nickgregory.me/linux/security/2022/03/12/cve-2022-25636\n\n@BlueRedTeam", "creation_timestamp": "2022-03-15T21:14:07.000000Z"}, {"uuid": "fd8613f4-dd95-4905-8a2d-fe8ce4f927d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5570", "content": "#exploit\n1. CVE-2022-22005:\nMicrosoft Sharepoint RCE\nhttps://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE\n\n2. CVE-2022-25636:\nnet/netfilter/nf_dup_netdev.c in the Linux kernel <5.6.10 allows local users to gain privileges because of a heap out-of-bounds write\nhttps://github.com/Bonfee/CVE-2022-25636", "creation_timestamp": "2022-03-09T11:03:01.000000Z"}, {"uuid": "cd81b976-68d9-41f0-a0fd-8d820402e2b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5786", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Mar 1-31)\n\nCVE-2022-1096 - Type Confusion in V8\nhttps://github.com/Maverick-cmd/Chrome-and-Edge-Version-Dumper\nCVE-2022-0847 - Dirty Pipe Vuln\nhttps://t.me/CyberSecurityTechnologies/5560\nCVE-2022-0778 - OpenSSL Illegal x.509 certificate construction\nhttps://t.me/CyberSecurityTechnologies/5692\nCVE-2022-0492 - Privilege escalation vuln causing container escape\nhttps://sysdig.com/blog/detecting-mitigating-cve-2022-0492-sysdig\nCVE-2022-22947 - Spring Cloud Gateway RCE\nhttps://t.me/CyberSecurityTechnologies/5554\nCVE-2022-22963 - Spring Core RCE\nhttps://t.me/CyberSecurityTechnologies/5711\nCVE-2022-25636 - net/netfilter/nf_dup_netdev.c in the Linux kernel <5.6.10 allows local users to gain privileges because of a heap out-of-bounds write\nhttps://t.me/CyberSecurityTechnologies/5570\nCVE-2022-27254 - Vuln in Honda's Remote Keyless System\nhttps://github.com/nonamecoder/CVE-2022-27254\nCVE-2022-0609 - https://blog.google/threat-analysis-group/countering-threats-north-korea", "creation_timestamp": "2022-04-11T11:00:21.000000Z"}, {"uuid": "0e580020-a9d6-4e2a-8706-b49f52187504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "seen", "source": "https://t.me/GithubRedTeam/1710", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-0185 analysis write up\nURL\uff1ahttps://github.com/chenaotian/CVE-2022-25636\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-24T07:09:53.000000Z"}, {"uuid": "bacac734-9bae-418c-b410-4c0418529eb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "seen", "source": "https://t.me/GithubRedTeam/1602", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-25636\nURL\uff1ahttps://github.com/Udyz/CVE-2022-0847", "creation_timestamp": "2022-03-07T14:34:43.000000Z"}, {"uuid": "51d52658-9701-4835-bb6f-8f139c107bae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1601", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-25636\nURL\uff1ahttps://github.com/Bonfee/CVE-2022-25636", "creation_timestamp": "2022-03-07T14:16:40.000000Z"}, {"uuid": "e3aafc25-8f17-43f7-a263-b743aa937a41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5601", "content": "#exploit\n1. Oracle Access Manager Pre-Auth RCE Analysis (CVE-2021-35587)\nhttps://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316\n2. The Discovery and Exploitation of CVE-2022-25636\nhttps://nickgregory.me/linux/security/2022/03/12/cve-2022-25636", "creation_timestamp": "2022-03-14T11:00:19.000000Z"}, {"uuid": "8bab8919-13bb-4e48-9095-01b01c2a8bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/157", "content": "The Discovery and Exploitation of CVE-2022-25636\n\nNick Gregory published an article about exploiting a heap out-of-bounds write in netfilter. The researcher managed to hijack the kernel control flow.", "creation_timestamp": "2022-03-14T22:25:48.000000Z"}, {"uuid": "aa49dd09-5059-4f68-8813-3f040025388a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "seen", "source": "https://t.me/thehackernews/1974", "content": "A newly discovered vulnerability (CVE-2022-25636) in the Netfilter #firewall module of Linux kernel could be exploited to gain root privileges on vulnerable systems, escape containers or cause a kernel panic.\n\nDetails: https://thehackernews.com/2022/03/new-linux-bug-in-netfilter-firewall.html", "creation_timestamp": "2022-03-14T12:07:07.000000Z"}, {"uuid": "9fc01e6d-8753-4a33-a636-f6084fc63a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9028", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access.\n\nTracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was discovered by Nick Gregory, a research scientist at Capsule8.\n\nhttps://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/\n\nhttps://thehackernews.com/2022/03/new-linux-bug-in-netfilter-firewall.html", "creation_timestamp": "2022-03-14T16:34:52.000000Z"}, {"uuid": "530a0d37-9217-43f2-8663-667dc4ca8af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25636", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1860", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-25636 exploit rewritten with pipe primitive\nURL\uff1ahttps://github.com/veritas501/CVE-2022-25636-PipeVersion\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-04-05T08:59:41.000000Z"}]}