EGI SVG Advisories


Title:   EGI SVG 'ADVISORY' [TLP:WHITE] HIGH risk - 2 Netfilter Vulnerabilities 
         CVE-2022-1015, CVE-2022-1016  [EGI-SVG-CVE-2022-1015]

Date:    2022-08-08
Updated: 2022-09-26

Affected software and risk

HIGH risk vulnerabilities concerning Netfilter

Package    : Netfilter
CVE ID     : CVE-2022-1015, CVE-2022-1016
Bug ID     : 
CVSS Score : 6.6 (for CVE-2022-1015) [R 1] 5.5 (for CVE-2022-1016) [R 2]

Two vulnerabilities have been reported concerning the Linux kernel Netfilter subsystem, 
both of which may allow privilege escalation [R 1] [R 2]. Not all versions 
of Linux are affected.

Actions required/recommended

Sites should check whether they are running a vulnerable kernel in a vulnerable 
configuration. If they are, they should either:-- 

a) Install an updated version of the Linux kernel, if a patched version is available for 
the distribution they have installed.

b) Carry out the mitigation below, if it is not already in place.

The EGI SVG considers the mitigation is sufficient to protect sites from this vulnerability. 

It is noted that there is not yet a patch for RHEL7 and RHEL 8 (these are only 
vulnerable to CVE-2022-1016) or for RHEL 9. 

Component installation information

Sites running RHEL should see [R 1], [R 2] (patch not available yet)

Sites running Debian should see [R 3] [R 4] 

Sites running Ubuntu should see [R 5] [R 6]

Sites running RockyLinux should see [R 7] 

Sites running Almalinux should see [R 8]


Sites should disable _network_ namespaces, unless they are needed.
Note that we generally recommend disabling _network_ namespaces unless they are explicitly 
required on the host, as this mitigates many vulnerabilities.

Note that this works for Singularity [R 10], thus allowing unprivileged user namespaces to be 
kept enabled for Singularity. 
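As an added check for the configuration part of the advice above (this is example code, not EGI's or Red Hat's own tooling), the script below reports whether a host still allows new network namespaces and whether nf_tables is loaded, and emits the sysctl fragment for the mitigation. It assumes the mitigation is applied through the user.max_net_namespaces sysctl; it does not check the kernel version, which must still be compared against the distribution references.

```shell
#!/bin/sh
# Added example (not EGI's own tooling): assess whether a host still exposes the
# Netfilter issues via unprivileged network namespaces, and emit the sysctl that
# implements the advisory's mitigation. Assumption: the mitigation is applied
# through the user.max_net_namespaces sysctl (not named on the advisory page).

# Read one sysctl from the proc tree rooted at $1 ("" means the live host);
# prints "unknown" when the file is absent, e.g. kernels without the sysctl.
read_sysctl() {
    file="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    if [ -r "$file" ]; then cat "$file"; else echo unknown; fi
}

# Print one word summarising the host's exposure:
#   MITIGATED - user.max_net_namespaces is 0, so no new network namespaces can
#               be created (note this also affects root and container runtimes)
#   EXPOSED   - network namespaces allowed and nf_tables is currently loaded
#   AT_RISK   - network namespaces allowed; nf_tables not loaded now but may be
#               built in or autoloaded, so the sysctl should still be set
#   UNKNOWN   - sysctl not present; check the kernel and configuration manually
assess_host() {
    root=${1:-}
    max_net_ns=$(read_sysctl "$root" user.max_net_namespaces)
    case "$max_net_ns" in
        unknown) echo UNKNOWN ;;
        0)       echo MITIGATED ;;
        *)
            if grep -q '^nf_tables ' "$root/proc/modules" 2>/dev/null; then
                echo EXPOSED
            else
                echo AT_RISK
            fi ;;
    esac
}

# The sysctl fragment to drop into /etc/sysctl.d/ for a persistent mitigation;
# apply it live with: sysctl -w user.max_net_namespaces=0
mitigation_sysctl_fragment() {
    printf 'user.max_net_namespaces = 0\n'
}

# Report on the live host when run directly with --run.
if [ "${1:-}" = "--run" ]; then
    echo "network namespace exposure: $(assess_host)"
    [ "$(assess_host)" = MITIGATED ] || mitigation_sysctl_fragment
fi
```

The proc root argument exists so the logic can be exercised against a constructed /proc tree; on a real host the verdict is only a hint, since nf_tables may be built into the kernel rather than listed in /proc/modules.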

Affected software details

According to RedHat:--

CVE-2022-1015 only affects RHEL 9.
CVE-2022-1016 affects RHEL7, RHEL 8 and RHEL 9.

Note that it is not fully clear whether RHEL7 is affected or not; 
Red Hat simply says 'Out of support scope'. 

More information

EGI SVG considers this 'HIGH' risk, in cases where the vulnerability is exploitable, 
due to the way that Worker Nodes and User Interfaces operate: large numbers of users are 
able to access a system, so a local root exploit is more serious than in typical scenarios 
outside of our grid environment.

It is noted that for RHEL7 Red Hat states 'Out of support scope'. nftables is a technology 
preview only in RHEL7, which means that the risk for RHEL7 is likely to be low.  


** WHITE information - Unlimited distribution
 - see for
   distribution restrictions **
Minor updates may be made without re-distribution to the sites


Comments or questions should be sent to svg-rat  at
If you find or become aware of another vulnerability which is relevant to EGI
you may report it by e-mail to

report-vulnerability at

the EGI Software Vulnerability Group will take a look according to the
procedure defined in [R 99]


[R 1]

[R 2]

[R 3]

[R 4]

[R 5]

[R 6]

[R 7] 

[R 8] 

[R 9]

[R 99]

SVG was alerted to this vulnerability by Sam Skipsey


Yyyy-mm-dd  [EGI-SVG-2022-CVE-2022-1015] 

2022-03-29 SVG alerted to this issue by Sam Skipsey
2022-03-29 Acknowledgement from the EGI SVG to the reporter
2022-03--- Investigation of vulnerability and relevance to EGI carried out 
2022-04-08 After testing, unable to get exploit to work
2022-07-28 Looked again.
2022-08-02 Drafted advisory to suggest vulnerable sites patch if possible and/or take 
           mitigating action
2022-08-08 Advisory sent to sites.
2022-09-26 Advisory placed on


This advisory has been prepared as part of the effort to fulfil EGI SVG's
purpose "To minimize the risk to the EGI infrastructure arising from software
The risk is that assessed by the group, according to the EGI SVG issue handling
procedure [R 99] in the context of how the software is used in the EGI
infrastructure. It is the opinion of the group; we do not guarantee it to be
correct. The risk may also be higher or lower in other deployments depending on
how the software is used.

This advisory is subject to the Creative Commons licence 
and the EGI Software Vulnerability Group must be credited. 

On behalf of the EGI SVG,