CVE-2022-2586
Vexday Risk Score
68 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS: 5.3
EPSS: 12.7%
KEV: yes
Public PoC: yes
Nuclei template: none listed
Metasploit module: none listed
Patch link: none listed
Lifecycle
03 Sep 2022: Public PoC
08 Jan 2024: Published on NVD
26 Jun 2024: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
An nftables object or rule expression could be made to reference a set that belongs to a different nftables table. When that other table is deleted, its set is freed but the reference is left pointing at the freed memory, so later use of it can crash the kernel or cause unexpected behavior.
Technical detail
A use-after-free in the Linux nf_tables subsystem: an nft object or expression (for example a lookup expression in a rule) could hold a reference to an nft set owned by a different table, because the lookup did not check that the set belonged to the table the object was being added to. Deleting the owning table frees the set without updating the object in the other table, leaving a dangling pointer that is dereferenced on later use, giving memory corruption or a denial of service. Configuring nftables requires CAP_NET_ADMIN; on kernels that allow unprivileged user namespaces a local user can obtain that capability in a network namespace of their own, which is why the bug is reachable by an unprivileged local attacker (the CVSS vector's PR:L) and why the first public PoC listed below is presented as a local privilege escalation.
Summary generated and translated by AI from the official description.
It was discovered that an nft object or expression could reference an nft set on a different nft table, leading to a use-after-free once that table was deleted.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
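The following is an added illustration, not code from the Linux kernel, from the PoC repositories, or from this page: a userspace model in C of the batch set lookup described above, showing the vulnerable shape (resolve a set by its batch id with no ownership check) beside the fixed shape (the set's owning table must match the caller's table, the same kind of check the referenced patch series adds). All names here (model_table, model_set, model_batch, lookup_set_byid_vuln, lookup_set_byid_fixed, replay_cross_table_ref) are invented for the example, and the one-set-per-table layout is a simplification of nf_tables.

```c
/* Added illustration, not Linux kernel code: a userspace model of the
 * nf_tables transaction-batch set lookup behind CVE-2022-2586.
 * All identifiers are invented for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct model_table;

struct model_set {
    unsigned id;                 /* NFTA_SET_ID-style identifier within a batch */
    struct model_table *table;   /* owning table */
};

struct model_table {
    const char *name;
    struct model_set *set;       /* simplification: at most one set per table */
};

/* A lookup expression created in a rule of some table. */
struct model_lookup {
    struct model_table *table;   /* table the rule lives in */
    struct model_set *set;       /* referenced set, NULL if the lookup failed */
};

/* Sets announced earlier in the same batch, addressed by id. */
struct model_batch {
    struct model_set *sets[8];
    size_t n;
};

/* Vulnerable shape: match on id only. A rule in table B can therefore bind
 * a set that belongs to table A. */
struct model_set *lookup_set_byid_vuln(const struct model_batch *b,
                                       const struct model_table *t, unsigned id)
{
    (void)t;
    for (size_t i = 0; i < b->n; i++)
        if (b->sets[i]->id == id)
            return b->sets[i];
    return NULL;
}

/* Fixed shape: the set must be owned by the table the rule is added to. */
struct model_set *lookup_set_byid_fixed(const struct model_batch *b,
                                        const struct model_table *t, unsigned id)
{
    for (size_t i = 0; i < b->n; i++)
        if (b->sets[i]->id == id && b->sets[i]->table == t)
            return b->sets[i];
    return NULL;
}

typedef struct model_set *(*lookup_fn)(const struct model_batch *,
                                       const struct model_table *, unsigned);

/* Replay the sequence from the advisory: the batch creates a set in table A,
 * a rule in table B references it by id, then table A is deleted.
 * Returns true when B's rule is left holding a reference to the set that
 * was just freed (a dangling pointer); false when the lookup refused it. */
bool replay_cross_table_ref(lookup_fn lookup)
{
    struct model_table a = { "A", NULL }, b = { "B", NULL };
    struct model_set *s = calloc(1, sizeof *s);
    if (!s)
        return false;
    s->id = 1;
    s->table = &a;
    a.set = s;

    struct model_batch batch = { { s }, 1 };
    struct model_lookup rule_in_b = { &b, lookup(&batch, &b, 1) };

    bool bound = rule_in_b.set != NULL;   /* decided before the free */

    /* Deleting table A frees its set; nothing updates the rule in B. */
    free(a.set);
    a.set = NULL;

    return bound;                          /* true: dangling reference survives */
}
```

With the vulnerable lookup the rule in B keeps a pointer to the freed set (the model stops short of dereferencing it; the kernel did not, which is the use-after-free). With the ownership check the cross-table id simply fails to resolve and the rule is never created, so there is nothing to dangle.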
Affected products
The Linux Kernel Organization · linux
Public PoCs found: 2
github.com/aels/CVE-2022-2586-LPE (★ 22)
github.com/sniper404ghostxploit/CVE-2022-2586 (★ 3)
⚠ Public resources, intended for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
https://ubuntu.com/security/notices/USN-5557-1
https://ubuntu.com/security/notices/USN-5560-1
https://ubuntu.com/security/notices/USN-5560-2
https://ubuntu.com/security/notices/USN-5562-1
https://ubuntu.com/security/notices/USN-5564-1
https://ubuntu.com/security/notices/USN-5565-1
https://ubuntu.com/security/notices/USN-5566-1
https://ubuntu.com/security/notices/USN-5567-1
https://ubuntu.com/security/notices/USN-5582-1
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586