CVE-2022-2586 - OpenCVE

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::

References

Link	Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586	Third Party Advisory
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t	Mailing List Patch
https://ubuntu.com/security/notices/USN-5557-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5560-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5560-2	Third Party Advisory
https://ubuntu.com/security/notices/USN-5562-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5564-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5565-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5566-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5567-1	Third Party Advisory
https://ubuntu.com/security/notices/USN-5582-1	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/08/09/5	Mailing List
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2024-01-08T17:46:06.110Z

Updated: 2024-06-26T16:20:22.577Z

Reserved: 2022-07-29T22:01:19.576Z

Link: CVE-2022-2586

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-08T18:15:44.620

Modified: 2024-06-27T01:00:01.260

Link: CVE-2022-2586

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2586", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2022-07-29T22:01:19.576Z", "datePublished": "2024-01-08T17:46:06.110Z", "dateUpdated": "2024-06-26T16:20:22.577Z"}, "containers": {"cna": {"affected": [{"packageName": "linux", "product": "linux", "vendor": "The Linux Kernel Organization", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "platforms": ["Linux"], "versions": [{"lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"tags": ["issue-tracking"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"tags": ["issue-tracking"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}, {"tags": ["issue-tracking"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"tags": ["third-party-advisory"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}], "credits": [{"lang": "en", "type": "finder", "value": "Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-01-08T17:46:06.110Z"}}, "adp": [{"affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "6.0-rc1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T15:34:35.432398Z", "id": "CVE-2022-2586", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-06-26", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T16:20:22.577Z"}, "timeline": [{"time": "2024-06-26T00:00:00+00:00", "lang": "en", "value": "CVE-2022-2586 added to CISA KEV"}]}]}}

{"cisaActionDue": "2024-07-17", "cisaExploitAdd": "2024-06-26", "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", "cisaVulnerabilityName": "Linux Kernel Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3369AE19-74F5-4B36-A1B4-3C7A6FC23C3B", "versionEndIncluding": "5.19.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted."}, {"lang": "es", "value": "Se descubri\u00f3 que un objeto o expresi\u00f3n nft pod\u00eda hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla."}], "id": "CVE-2022-2586", "lastModified": "2024-06-27T01:00:01.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2024-01-08T18:15:44.620", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch"], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5557-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5560-2"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5562-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5564-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5565-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5566-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5567-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5582-1"}, {"source": "security@ubuntu.com", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@ubuntu.com", "type": "Secondary"}]}