CVE-2022-2586
CVSS v3.1
7.8 (High)
EPSS
0.84 % (82th)
Affected Products
2
Advisories
40
NVD Status
Analyzed
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
Weaknesses
- CWE-416
- Use After Free
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- Canonical Ltd.
- Published Date
-
2024-01-08 18:15:44
(8 months ago) - Updated Date
-
2024-06-27 01:00:01
(2 months ago)
Linux Kernel Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
- Required Action
- Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131; https://nvd.nist.gov/vuln/detail/CVE-2022-2586
- Vendor
- Linux
- Product
- Kernel
- In CISA Catalog from
-
2024-06-26
(2 months ago) - Due Date
-
2024-07-17
(2 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...