⚠ Actively exploited
Added to CISA KEV on 2024-06-26. Federal agencies required to patch by 2024-07-17. Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
CVE-2022-2586
Severity: 7.8 HIGH
EPSS: 2.2% (top 15.52%)
CISA KEV: Added 2024-06-26, due 2024-07-17
Exploit: Exploited in wild. Active exploitation observed.
Affected products
Timeline
Published: Jan 8
KEV added: Jun 26
KEV due: Jul 17
Latest update: Jun 18
Description
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Exploitability: 1.0 | Impact: 4.2
Affected Packages (4 packages)
CVEListV5, linux/linux: 958bee14d0718ca7a5002c0f48a099d1d345812a — 77d3b5038b7462318f5183e2ad704b01d57215a2 (+7)
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04
Patches
🔴 Vulnerability Details (11)
CVEList (2024-01-08): CVE-2022-2586: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was
OSV (2024-01-08): CVE-2022-2586: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was
OSV (2022-08-10): linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
📋 Vendor Advisories (15)
Microsoft (2024-01-09): It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.