CVE-2022-2586

CVSS v3.1 7.8 (High)
EPSS 0.84% (82nd)
Affected Products 2
Advisories 40
NVD Status Analyzed

It was discovered that an nft object or expression could reference an nft set on a different nft table, leading to a use-after-free once that table was deleted.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Canonical Ltd.
Published Date
2024-01-08 18:15:44
(8 months ago)
Updated Date
2024-06-27 01:00:01
(2 months ago)
Linux Kernel Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131; https://nvd.nist.gov/vuln/detail/CVE-2022-2586
Vendor
Linux
Product
Kernel
In CISA Catalog from
2024-06-26
(2 months ago)
Due Date
2024-07-17
(2 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Linux Kernel 5.19.17 and prior versions cpe:2.3:o:linux:linux_kernel <= 5.19.17

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm
  Canonical Ubuntu Linux 20.04 cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts
  Canonical Ubuntu Linux 22.04 cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts