Headline
RHSA-2022:6592: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-34918: kernel: heap overflow in nft_set_elem_init()
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-09-20
Updated:
2022-09-20
RHSA-2022:6592 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Fixes
- BZ - 2104423 - CVE-2022-34918 kernel: heap overflow in nft_set_elem_init()
Red Hat Enterprise Linux for x86_64 9
SRPM
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.src.rpm
SHA-256: 5ec6efa5e1c741b21ce95b32227386e44ab6f99c30232d839a0fdae9d62cd839
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.src.rpm
SHA-256: 9a0408f8b120348bfccb1a8805cbcd9b42c2e4d57ec9810c38d5308518ac7298
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.src.rpm
SHA-256: c2e177d93812f43d14ea8f898cc6cb015119c3a3505647131ec2285874732ce1
x86_64
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.x86_64.rpm
SHA-256: 03dbdf447407a444f2cb1e6c56990a7e59c3a40a20e186dce7dad8ac3e05ba7f
kpatch-patch-5_14_0-70_13_1-debuginfo-1-2.el9_0.x86_64.rpm
SHA-256: 334c5f2681c0110b1d2552dfb8df958ab5432ccf75633875a6d2861c66ee906c
kpatch-patch-5_14_0-70_13_1-debugsource-1-2.el9_0.x86_64.rpm
SHA-256: 036a2cfef61a927adc10f6cee9e859f367d92bbd4e6b152a050131fdd0c81b56
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.x86_64.rpm
SHA-256: 70dee70516074f535bca77785572c2c67053d2588554bd848a62e88fb21465a4
kpatch-patch-5_14_0-70_17_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 51cfc1c603b619420493db87d72a3d0642d8326ac1713be093ff954b857327c3
kpatch-patch-5_14_0-70_17_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: 071ea5fbdff99037f6830478060a49e6e81df472c5dfaa1fb603e4e4bffb787e
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.x86_64.rpm
SHA-256: f3c8d356c821c2bafbe207b556bf27ecb17a09a5bc54fb70cba47f55c56bb351
kpatch-patch-5_14_0-70_22_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 133a79dd5996c7fec9660408bfea4531d04262f2d951dfc4909e0f3c1740b71f
kpatch-patch-5_14_0-70_22_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: f0daa568cb991d9e6c03131640c8aa8b2d8d000f7340f1e1ae0a916e46339bbd
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.src.rpm
SHA-256: 5ec6efa5e1c741b21ce95b32227386e44ab6f99c30232d839a0fdae9d62cd839
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.src.rpm
SHA-256: 9a0408f8b120348bfccb1a8805cbcd9b42c2e4d57ec9810c38d5308518ac7298
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.src.rpm
SHA-256: c2e177d93812f43d14ea8f898cc6cb015119c3a3505647131ec2285874732ce1
x86_64
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.x86_64.rpm
SHA-256: 03dbdf447407a444f2cb1e6c56990a7e59c3a40a20e186dce7dad8ac3e05ba7f
kpatch-patch-5_14_0-70_13_1-debuginfo-1-2.el9_0.x86_64.rpm
SHA-256: 334c5f2681c0110b1d2552dfb8df958ab5432ccf75633875a6d2861c66ee906c
kpatch-patch-5_14_0-70_13_1-debugsource-1-2.el9_0.x86_64.rpm
SHA-256: 036a2cfef61a927adc10f6cee9e859f367d92bbd4e6b152a050131fdd0c81b56
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.x86_64.rpm
SHA-256: 70dee70516074f535bca77785572c2c67053d2588554bd848a62e88fb21465a4
kpatch-patch-5_14_0-70_17_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 51cfc1c603b619420493db87d72a3d0642d8326ac1713be093ff954b857327c3
kpatch-patch-5_14_0-70_17_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: 071ea5fbdff99037f6830478060a49e6e81df472c5dfaa1fb603e4e4bffb787e
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.x86_64.rpm
SHA-256: f3c8d356c821c2bafbe207b556bf27ecb17a09a5bc54fb70cba47f55c56bb351
kpatch-patch-5_14_0-70_22_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 133a79dd5996c7fec9660408bfea4531d04262f2d951dfc4909e0f3c1740b71f
kpatch-patch-5_14_0-70_22_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: f0daa568cb991d9e6c03131640c8aa8b2d8d000f7340f1e1ae0a916e46339bbd
Red Hat Enterprise Linux for Power, little endian 9
SRPM
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.src.rpm
SHA-256: 5ec6efa5e1c741b21ce95b32227386e44ab6f99c30232d839a0fdae9d62cd839
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.src.rpm
SHA-256: 9a0408f8b120348bfccb1a8805cbcd9b42c2e4d57ec9810c38d5308518ac7298
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.src.rpm
SHA-256: c2e177d93812f43d14ea8f898cc6cb015119c3a3505647131ec2285874732ce1
ppc64le
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.ppc64le.rpm
SHA-256: eaca1fcb961019459ad12f9b175f3ea10eb747a196c4641c003824ba93225aa0
kpatch-patch-5_14_0-70_13_1-debuginfo-1-2.el9_0.ppc64le.rpm
SHA-256: 7a418e0722b5af38a61d37e2f8d888afd1b6a15cca72852ddfb50ec8a6c8945c
kpatch-patch-5_14_0-70_13_1-debugsource-1-2.el9_0.ppc64le.rpm
SHA-256: ae03766a5edbae1d4b3eac8fe9be5ac15ec6f8a8b2019f3d26ca651477e0120e
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.ppc64le.rpm
SHA-256: 937d6390829ff399853ce8aed90abc89304c3b696992f19cc02a0a51a00a8efb
kpatch-patch-5_14_0-70_17_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: 88becf446b9f08756af6869f95e1c7364c37723c4dfaacf791f4ffaba2f2597e
kpatch-patch-5_14_0-70_17_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: 9c2835da87f32013a1bc025fd0c3f54e7f7554e3551212fdf5772fdb41ba3f3f
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.ppc64le.rpm
SHA-256: ae18bf16e1b9bea5e00b6b1a9ebee7d12016a39c3129255f7d449662bca371a3
kpatch-patch-5_14_0-70_22_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: 49f965c7d61fbc1413a7741a3892d06c96747a824a70ea9858346073ebe58512
kpatch-patch-5_14_0-70_22_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: ebe43641cb1ab647e2d7fcf1ee66c92b993547e6a6354542c6a5278f468dd107
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.src.rpm
SHA-256: 5ec6efa5e1c741b21ce95b32227386e44ab6f99c30232d839a0fdae9d62cd839
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.src.rpm
SHA-256: 9a0408f8b120348bfccb1a8805cbcd9b42c2e4d57ec9810c38d5308518ac7298
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.src.rpm
SHA-256: c2e177d93812f43d14ea8f898cc6cb015119c3a3505647131ec2285874732ce1
ppc64le
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.ppc64le.rpm
SHA-256: eaca1fcb961019459ad12f9b175f3ea10eb747a196c4641c003824ba93225aa0
kpatch-patch-5_14_0-70_13_1-debuginfo-1-2.el9_0.ppc64le.rpm
SHA-256: 7a418e0722b5af38a61d37e2f8d888afd1b6a15cca72852ddfb50ec8a6c8945c
kpatch-patch-5_14_0-70_13_1-debugsource-1-2.el9_0.ppc64le.rpm
SHA-256: ae03766a5edbae1d4b3eac8fe9be5ac15ec6f8a8b2019f3d26ca651477e0120e
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.ppc64le.rpm
SHA-256: 937d6390829ff399853ce8aed90abc89304c3b696992f19cc02a0a51a00a8efb
kpatch-patch-5_14_0-70_17_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: 88becf446b9f08756af6869f95e1c7364c37723c4dfaacf791f4ffaba2f2597e
kpatch-patch-5_14_0-70_17_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: 9c2835da87f32013a1bc025fd0c3f54e7f7554e3551212fdf5772fdb41ba3f3f
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.ppc64le.rpm
SHA-256: ae18bf16e1b9bea5e00b6b1a9ebee7d12016a39c3129255f7d449662bca371a3
kpatch-patch-5_14_0-70_22_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: 49f965c7d61fbc1413a7741a3892d06c96747a824a70ea9858346073ebe58512
kpatch-patch-5_14_0-70_22_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: ebe43641cb1ab647e2d7fcf1ee66c92b993547e6a6354542c6a5278f468dd107
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.src.rpm
SHA-256: 5ec6efa5e1c741b21ce95b32227386e44ab6f99c30232d839a0fdae9d62cd839
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.src.rpm
SHA-256: 9a0408f8b120348bfccb1a8805cbcd9b42c2e4d57ec9810c38d5308518ac7298
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.src.rpm
SHA-256: c2e177d93812f43d14ea8f898cc6cb015119c3a3505647131ec2285874732ce1
ppc64le
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.ppc64le.rpm
SHA-256: eaca1fcb961019459ad12f9b175f3ea10eb747a196c4641c003824ba93225aa0
kpatch-patch-5_14_0-70_13_1-debuginfo-1-2.el9_0.ppc64le.rpm
SHA-256: 7a418e0722b5af38a61d37e2f8d888afd1b6a15cca72852ddfb50ec8a6c8945c
kpatch-patch-5_14_0-70_13_1-debugsource-1-2.el9_0.ppc64le.rpm
SHA-256: ae03766a5edbae1d4b3eac8fe9be5ac15ec6f8a8b2019f3d26ca651477e0120e
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.ppc64le.rpm
SHA-256: 937d6390829ff399853ce8aed90abc89304c3b696992f19cc02a0a51a00a8efb
kpatch-patch-5_14_0-70_17_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: 88becf446b9f08756af6869f95e1c7364c37723c4dfaacf791f4ffaba2f2597e
kpatch-patch-5_14_0-70_17_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: 9c2835da87f32013a1bc025fd0c3f54e7f7554e3551212fdf5772fdb41ba3f3f
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.ppc64le.rpm
SHA-256: ae18bf16e1b9bea5e00b6b1a9ebee7d12016a39c3129255f7d449662bca371a3
kpatch-patch-5_14_0-70_22_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: 49f965c7d61fbc1413a7741a3892d06c96747a824a70ea9858346073ebe58512
kpatch-patch-5_14_0-70_22_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: ebe43641cb1ab647e2d7fcf1ee66c92b993547e6a6354542c6a5278f468dd107
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.src.rpm
SHA-256: 5ec6efa5e1c741b21ce95b32227386e44ab6f99c30232d839a0fdae9d62cd839
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.src.rpm
SHA-256: 9a0408f8b120348bfccb1a8805cbcd9b42c2e4d57ec9810c38d5308518ac7298
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.src.rpm
SHA-256: c2e177d93812f43d14ea8f898cc6cb015119c3a3505647131ec2285874732ce1
x86_64
kpatch-patch-5_14_0-70_13_1-1-2.el9_0.x86_64.rpm
SHA-256: 03dbdf447407a444f2cb1e6c56990a7e59c3a40a20e186dce7dad8ac3e05ba7f
kpatch-patch-5_14_0-70_13_1-debuginfo-1-2.el9_0.x86_64.rpm
SHA-256: 334c5f2681c0110b1d2552dfb8df958ab5432ccf75633875a6d2861c66ee906c
kpatch-patch-5_14_0-70_13_1-debugsource-1-2.el9_0.x86_64.rpm
SHA-256: 036a2cfef61a927adc10f6cee9e859f367d92bbd4e6b152a050131fdd0c81b56
kpatch-patch-5_14_0-70_17_1-1-1.el9_0.x86_64.rpm
SHA-256: 70dee70516074f535bca77785572c2c67053d2588554bd848a62e88fb21465a4
kpatch-patch-5_14_0-70_17_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 51cfc1c603b619420493db87d72a3d0642d8326ac1713be093ff954b857327c3
kpatch-patch-5_14_0-70_17_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: 071ea5fbdff99037f6830478060a49e6e81df472c5dfaa1fb603e4e4bffb787e
kpatch-patch-5_14_0-70_22_1-1-1.el9_0.x86_64.rpm
SHA-256: f3c8d356c821c2bafbe207b556bf27ecb17a09a5bc54fb70cba47f55c56bb351
kpatch-patch-5_14_0-70_22_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 133a79dd5996c7fec9660408bfea4531d04262f2d951dfc4909e0f3c1740b71f
kpatch-patch-5_14_0-70_22_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: f0daa568cb991d9e6c03131640c8aa8b2d8d000f7340f1e1ae0a916e46339bbd
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
By Habiba Rashid At the time of writing, all reported fake repositories have been taken down and the malicious PoC has been removed from GitHub. This is a post from HackRead.com Read the original post: Fake GitHub Repos Caught Dropping Malware as PoCs AGAIN!
An issue was discovered in the Linux kernel through version 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access. The issue exists in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
Red Hat Security Advisory 2022-6592-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2078: kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() * CVE-2022-34918: kernel: heap overflow in nft_set_elem_init()
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.
Ubuntu Security Notice 5582-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5545-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations.
Ubuntu Security Notice 5540-1 - Liu Jian discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service.
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.