CVE-2022-2586 - Vulnerability Details

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since June 26, 2024.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus Rhev Hypervisor

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.0:-::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-425.3.1.rt7.213.el8	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2022:7444	2022-11-08T00:00:00Z
kernel-0:4.18.0-425.3.1.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:7683	2022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.91.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0724	2024-02-07T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-162.6.1.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:8267	2022-11-15T00:00:00Z
kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1	cpe:/a:redhat:enterprise_linux:9::nfv	RHSA-2022:7933	2022-11-15T00:00:00Z
kernel-0:5.14.0-162.6.1.el9_1	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:8267	2022-11-15T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.91.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0724	2024-02-07T00:00:00Z

References

Link	Providers
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
https://nvd.nist.gov/vuln/detail/CVE-2022-2586
https://ubuntu.com/security/notices/USN-5557-1
https://ubuntu.com/security/notices/USN-5560-1
https://ubuntu.com/security/notices/USN-5560-2
https://ubuntu.com/security/notices/USN-5562-1
https://ubuntu.com/security/notices/USN-5564-1
https://ubuntu.com/security/notices/USN-5565-1
https://ubuntu.com/security/notices/USN-5566-1
https://ubuntu.com/security/notices/USN-5567-1
https://ubuntu.com/security/notices/USN-5582-1
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2022-2586
https://www.openwall.com/lists/oss-security/2022/08/09/5
https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/

History

Wed, 30 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01471}`	epss `{'score': 0.01491}`

Wed, 19 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel:6.0:-::::::

Mon, 19 Aug 2024 08:30:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2024-01-08T17:46:06.110Z

Updated: 2025-07-30T01:37:09.831Z

Reserved: 2022-07-29T22:01:19.576Z

Link: CVE-2022-2586

Vulnrichment

Updated: 2024-08-19T07:48:13.351Z

NVD

Status : Analyzed

Published: 2024-01-08T18:15:44.620

Modified: 2025-02-19T19:47:58.710

Link: CVE-2022-2586

Redhat

Severity : Moderate

Publid Date: 2022-08-09T17:00:00Z

Links: CVE-2022-2586 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2586", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2022-07-29T22:01:19.576Z", "datePublished": "2024-01-08T17:46:06.110Z", "dateUpdated": "2025-07-30T01:37:09.831Z"}, "containers": {"cna": {"affected": [{"packageName": "linux", "product": "linux", "vendor": "The Linux Kernel Organization", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "platforms": ["Linux"], "versions": [{"lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["issue-tracking"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"tags": ["issue-tracking"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}, {"tags": ["issue-tracking"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}], "credits": [{"lang": "en", "type": "finder", "value": "Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-01-08T17:46:06.110Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2586", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T15:34:35.432398Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-06-26", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0-rc1", "versionType": "custom"}], "defaultStatus": "unknown"}], "timeline": [{"time": "2024-06-26T00:00:00+00:00", "lang": "en", "value": "CVE-2022-2586 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T01:37:09.831Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:48:13.351Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}, {"url": "https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2586", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2022-07-29T22:01:19.576Z", "datePublished": "2024-01-08T17:46:06.110Z", "dateUpdated": "2025-07-30T01:37:09.831Z"}, "containers": {"cna": {"affected": [{"packageName": "linux", "product": "linux", "vendor": "The Linux Kernel Organization", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "platforms": ["Linux"], "versions": [{"lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["issue-tracking"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"tags": ["issue-tracking"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}, {"tags": ["issue-tracking"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}], "credits": [{"lang": "en", "type": "finder", "value": "Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-01-08T17:46:06.110Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:48:13.351Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}, {"url": "https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2586", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T15:34:35.432398Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-06-26", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0-rc1", "versionType": "custom"}], "defaultStatus": "unknown"}], "timeline": [{"time": "2024-06-26T00:00:00+00:00", "lang": "en", "value": "CVE-2022-2586 added to CISA KEV"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T19:04:24.289Z"}}]}}

{"cisaActionDue": "2024-07-17", "cisaExploitAdd": "2024-06-26", "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", "cisaVulnerabilityName": "Linux Kernel Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3369AE19-74F5-4B36-A1B4-3C7A6FC23C3B", "versionEndIncluding": "5.19.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*", "matchCriteriaId": "7BE551E5-89CF-47A8-9B26-03CE727FBA37", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted."}, {"lang": "es", "value": "Se descubri\u00f3 que un objeto o expresi\u00f3n nft pod\u00eda hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla."}], "id": "CVE-2022-2586", "lastModified": "2025-02-19T19:47:58.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-08T18:15:44.620", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"source": "security@ubuntu.com", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Team Orca (Sea Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:7444", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-425.3.1.rt7.213.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:7933", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-02-07T00:00:00Z"}], "bugzilla": {"description": "kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation", "id": "2114878", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114878"}, "csaw": true, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.", "A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-2586", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-08-09T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2586\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2586\nhttps://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t\nhttps://www.openwall.com/lists/oss-security/2022/08/09/5\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object