Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-2586

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-08 Jan, 2024 | 17:46
Updated At-30 Jul, 2025 | 01:37
Rejected At-
Credits

Linux Kernel Use-After-Free Vulnerability

Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Linux Kernel Organization, IncLinux
Product:Kernel
Added At:26 Jun, 2024
Due At:17 Jul, 2024

Linux Kernel Use-After-Free Vulnerability

Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.

Used in Ransomware

:

Unknown

CWE

:
CWE-416

Required Action:

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Additional Notes:

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131; https://nvd.nist.gov/vuln/detail/CVE-2022-2586
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:08 Jan, 2024 | 17:46
Updated At:30 Jul, 2025 | 01:37
Rejected At:
▼CVE Numbering Authority (CNA)

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

Affected Products
Vendor
Linux Kernel Organization, IncThe Linux Kernel Organization
Product
linux
Package Name
linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Platforms
  • Linux
Versions
Affected
  • From 0 before 6.0~rc1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416
Type: CWE
CWE ID: CWE-416
Description: CWE-416
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ubuntu.com/security/notices/USN-5564-1
third-party-advisory
https://ubuntu.com/security/notices/USN-5560-2
third-party-advisory
https://ubuntu.com/security/notices/USN-5582-1
third-party-advisory
https://ubuntu.com/security/notices/USN-5567-1
third-party-advisory
https://ubuntu.com/security/notices/USN-5560-1
third-party-advisory
https://ubuntu.com/security/notices/USN-5566-1
third-party-advisory
https://www.openwall.com/lists/oss-security/2022/08/09/5
issue-tracking
https://ubuntu.com/security/notices/USN-5565-1
third-party-advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
issue-tracking
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
issue-tracking
https://ubuntu.com/security/notices/USN-5562-1
third-party-advisory
https://ubuntu.com/security/notices/USN-5557-1
third-party-advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
issue-tracking
Hyperlink: https://ubuntu.com/security/notices/USN-5564-1
Resource:
third-party-advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5560-2
Resource:
third-party-advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5582-1
Resource:
third-party-advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5567-1
Resource:
third-party-advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5560-1
Resource:
third-party-advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5566-1
Resource:
third-party-advisory
Hyperlink: https://www.openwall.com/lists/oss-security/2022/08/09/5
Resource:
issue-tracking
Hyperlink: https://ubuntu.com/security/notices/USN-5565-1
Resource:
third-party-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
Resource:
issue-tracking
Hyperlink: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
Resource:
issue-tracking
Hyperlink: https://ubuntu.com/security/notices/USN-5562-1
Resource:
third-party-advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5557-1
Resource:
third-party-advisory
Hyperlink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Linux Kernel Organization, Inclinux
Product
linux_kernel
CPEs
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 6.0-rc1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2024-06-26
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2022-2586 added to CISA KEV2024-06-26 00:00:00
Event: CVE-2022-2586 added to CISA KEV
Date: 2024-06-26 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ubuntu.com/security/notices/USN-5564-1
third-party-advisory
x_transferred
https://ubuntu.com/security/notices/USN-5560-2
third-party-advisory
x_transferred
https://ubuntu.com/security/notices/USN-5582-1
third-party-advisory
x_transferred
https://ubuntu.com/security/notices/USN-5567-1
third-party-advisory
x_transferred
https://ubuntu.com/security/notices/USN-5560-1
third-party-advisory
x_transferred
https://ubuntu.com/security/notices/USN-5566-1
third-party-advisory
x_transferred
https://www.openwall.com/lists/oss-security/2022/08/09/5
issue-tracking
x_transferred
https://ubuntu.com/security/notices/USN-5565-1
third-party-advisory
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
issue-tracking
x_transferred
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
issue-tracking
x_transferred
https://ubuntu.com/security/notices/USN-5562-1
third-party-advisory
x_transferred
https://ubuntu.com/security/notices/USN-5557-1
third-party-advisory
x_transferred
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
issue-tracking
x_transferred
https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586
N/A
Hyperlink: https://ubuntu.com/security/notices/USN-5564-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5560-2
Resource:
third-party-advisory
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5582-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5567-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5560-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5566-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.openwall.com/lists/oss-security/2022/08/09/5
Resource:
issue-tracking
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5565-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
Resource:
issue-tracking
x_transferred
Hyperlink: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
Resource:
issue-tracking
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5562-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://ubuntu.com/security/notices/USN-5557-1
Resource:
third-party-advisory
x_transferred
Hyperlink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
Resource:
issue-tracking
x_transferred
Hyperlink: https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:08 Jan, 2024 | 18:15
Updated At:19 Feb, 2025 | 19:47

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2024-06-262024-07-17Linux Kernel Use-After-Free VulnerabilityApply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Date Added: 2024-06-26
Due Date: 2024-07-17
Vulnerability Name: Linux Kernel Use-After-Free Vulnerability
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions up to 5.19.17(inclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.0
cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>20.04
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>22.04
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarysecurity@ubuntu.com
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Secondary
Source: security@ubuntu.com
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586security@ubuntu.com
Third Party Advisory
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#tsecurity@ubuntu.com
Mailing List
Patch
https://ubuntu.com/security/notices/USN-5557-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5560-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5560-2security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5562-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5564-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5565-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5566-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5567-1security@ubuntu.com
Third Party Advisory
https://ubuntu.com/security/notices/USN-5582-1security@ubuntu.com
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/09/5security@ubuntu.com
Mailing List
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/security@ubuntu.com
Third Party Advisory
VDB Entry
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#taf854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
https://ubuntu.com/security/notices/USN-5557-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5560-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5560-2af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5562-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5564-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5565-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5566-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5567-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://ubuntu.com/security/notices/USN-5582-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/09/5af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
Source: security@ubuntu.com
Resource:
Mailing List
Patch
Hyperlink: https://ubuntu.com/security/notices/USN-5557-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5560-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5560-2
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5562-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5564-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5565-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5566-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5567-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5582-1
Source: security@ubuntu.com
Resource:
Third Party Advisory
Hyperlink: https://www.openwall.com/lists/oss-security/2022/08/09/5
Source: security@ubuntu.com
Resource:
Mailing List
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
Source: security@ubuntu.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Hyperlink: https://ubuntu.com/security/notices/USN-5557-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5560-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5560-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5562-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5564-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5565-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5566-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5567-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://ubuntu.com/security/notices/USN-5582-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.openwall.com/lists/oss-security/2022/08/09/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found