CVE-2022-2586
published 2024-01-08CVE-2022-2586: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
PriorityP180high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2024-07-17
Exploited in the wild
EPSS
12.75%
95.8th percentile
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 6.0.2-1 (bookworm) | linux 6.0.2-1 (bookworm) |
| debian | linux | < linux 5.18.16-1 (bookworm) | linux 5.18.16-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < 77d3b5038b7462318f5183e2ad704b01d57215a2 | 77d3b5038b7462318f5183e2ad704b01d57215a2 |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < fab2f61cc3b0e441b1749f017cfee75f9bbaded7 | fab2f61cc3b0e441b1749f017cfee75f9bbaded7 |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < 1a4b18b1ff11ba26f9a852019d674fde9d1d1cff | 1a4b18b1ff11ba26f9a852019d674fde9d1d1cff |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < faafd9286f1355c76fe9ac3021c280297213330e | faafd9286f1355c76fe9ac3021c280297213330e |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f | f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < 0d07039397527361850c554c192e749cfc879ea9 | 0d07039397527361850c554c192e749cfc879ea9 |
| linux | linux | >= 958bee14d0718ca7a5002c0f48a099d1d345812a < 470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2 | 470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2 |
| linux | linux_kernel | <= 5.19.17 | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.140-1 | 5.10.140-1 |
| linux | linux_kernel | >= 0 < 5.10.136-1 | 5.10.136-1 |
| linux | linux_kernel | >= 0 < 6.0.2-1 | 6.0.2-1 |
| linux | linux_kernel | >= 0 < 5.18.16-1 | 5.18.16-1 |
| linux | linux_kernel | >= 0 < 6.0.2-1 | 6.0.2-1 |
| linux | linux_kernel | >= 0 < 5.18.16-1 | 5.18.16-1 |
| linux | linux_kernel | >= 0 < 6.0.2-1 | 6.0.2-1 |
| linux | linux_kernel | >= 0 < 5.18.16-1 | 5.18.16-1 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is in the netfilter nf_tables subsystem: an nft object or expression references an nft set in a *different* nft table via SET_ID, enabling use-after-free after table deletion. Detection should focus on cross-table nft SET_ID references in netlink/nftables batch operations. ↗
- →The vulnerability is also tracked as ZDI-CAN-17470; threat intel or exploit samples may be indexed under that identifier. ↗
- →Exploitation requires a local, privileged attacker; monitor for local privilege escalation attempts via nftables API calls (net/netfilter/nf_tables_api.c), particularly batch operations that add/delete tables while holding cross-table set references. ↗
- →Scope is local; alert on unexpected nftables rule/table manipulation (e.g., nft commands creating sets in one table and referencing them from another) by non-root or container-escaped processes. ↗
- ·Red Hat Enterprise Linux 6 and 7 (including kernel-rt) are listed as Not Affected; detection/patching efforts should focus on RHEL 8+ and other distributions. ↗
- ·Debian bookworm/sid/trixie/forky are fixed in kernel 5.18.16-1; bullseye is fixed in 5.10.136-1. Systems running older kernels remain vulnerable. ↗
- ·Ubuntu fix is delivered via USN-5565-1 and USN-5567-1; an ABI change means third-party kernel modules must be recompiled after patching. ↗
- ·Red Hat states no mitigation meeting their criteria is currently available for affected versions. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
vulncheck5.3MEDIUM
cisa7.8HIGH
vendor_msrc7.8HIGH
vendor_ubuntu7.8HIGH
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j95h-gr5v-mg6j: In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not allow SET_ID to refer to another table
When doing l
ghsa_unreviewed·2025-06-18·CVSS 5.3
CVE-2022-50213 [MEDIUM] CWE-416 GHSA-j95h-gr5v-mg6j: In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not allow SET_ID to refer to another table
When doing l
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not allow SET_ID to refer to another table
When doing lookups for sets on the same batch by using its ID, a set from a
different table can be used.
Then, when the table is removed, a reference to the set may be kept after
the set is freed, leading to a potential use-after-free.
When looking for sets by ID, use the table that was used for the lookup by
name, and only return sets belonging to that same table.
This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.
OSV
CVE-2022-50213: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing loo
osv·2025-06-18·CVSS 7.8
CVE-2022-50213 [HIGH] CVE-2022-50213: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing loo
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.
OSV
CVE-2022-2586: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was
osv·2024-01-08·CVSS 7.8
CVE-2022-2586 [HIGH] CVE-2022-2586: It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
OSV
linux-azure-fde vulnerabilities
osv·2022-08-25·CVSS 4.4
CVE-2022-34918 [MEDIUM] linux-azure-fde vulnerabilities
linux-azure-fde vulnerabilities
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of s
OSV
Kernel Live Patch Security Notice
osv·2022-08-24·CVSS 7.8
CVE-2022-1966 [HIGH] Kernel Live Patch Security Notice
Kernel Live Patch Security Notice
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)
Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code.(CVE-2022-1972)
It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker could use this to cause a denial of service (system crash) or
exe
OSV
linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
osv·2022-08-10·CVSS 7.8
CVE-2022-2588 [HIGH] linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It w
OSV
linux-oem-5.14, linux-oem-5.17 vulnerabilities
osv·2022-08-10·CVSS 7.8
CVE-2022-2588 [HIGH] linux-oem-5.14, linux-oem-5.17 vulnerabilities
linux-oem-5.14, linux-oem-5.17 vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A
OSV
linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2022-08-10·CVSS 4.4
CVE-2022-2588 [MEDIUM] linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer s
OSV
linux-intel-iotg vulnerabilities
osv·2022-08-10·CVSS 7.8
CVE-2022-2588 [HIGH] linux-intel-iotg vulnerabilities
linux-intel-iotg vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker
OSV
linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
osv·2022-08-10·CVSS 7.8
CVE-2022-2588 [HIGH] linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly cl
OSV
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
osv·2022-08-10·CVSS 4.4
CVE-2022-2588 [MEDIUM] linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memo
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.
osv·2022-08-10·CVSS 4.4
[MEDIUM] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local a
Kernel
netfilter: nf_tables: do not allow SET_ID to refer to another table
kernel_security·2022-08-09·CVSS 5.3
CVE-2022-2586 [MEDIUM] netfilter: nf_tables: do not allow SET_ID to refer to another table
netfilter: nf_tables: do not allow SET_ID to refer to another table
When doing lookups for sets on the same batch by using its ID, a set from a
different table can be used.
Then, when the table is removed, a reference to the set may be kept after
the set is freed, leading to a potential use-after-free.
When looking for sets by ID, use the table that was used for the lookup by
name, and only return sets belonging to that same table.
This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.
Reported-by: Team Orca of Sea Security (@seasecresponse)
Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Thadeu Lima de Souza Cascardo
Cc:
Signed-off-by: Pablo Neira Ayuso
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2022-08-09·CVSS 7.8
CVE-2022-2588 [HIGH] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
VulnCheck
Linux Kernel Use-After-Free Vulnerability
vulncheck·2022·CVSS 5.3
CVE-2022-2586 [MEDIUM] CWE-416 Linux Kernel Use-After-Free Vulnerability
Linux Kernel Use-After-Free Vulnerability
Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
Affected: Linux Kernel
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Exploitation References: https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/6feeb109d166; https://vulncheck.com/xdb/371b22b792df; https://vulncheck.com/xdb/174eaee64a01
Remediation Due: 2024-07-17
Red Hat
kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table
vendor_redhat·2025-06-18·CVSS 5.3
CVE-2022-50213 [MEDIUM] CWE-825 kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table
kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not allow SET_ID to refer to another table
When doing lookups for sets on the same batch by using its ID, a set from a
different table can be used.
Then, when the table is removed, a reference to the set may be kept after
the set is freed, leading to a potential use-after-free.
When looking for sets by ID, use the table that was used for the lookup by
name, and only return sets belonging to that same table.
This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising eas
CISA
Linux Kernel Use-After-Free Vulnerability
cisa·2024-06-26·CVSS 7.8
CVE-2022-2586 [HIGH] CWE-416 Linux Kernel Use-After-Free Vulnerability
Vulnerability: Linux Kernel Use-After-Free Vulnerability
Affected: Linux Kernel
Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131; https://nvd.nist.gov/vuln/detail/CVE-2022-2586
Remediation Due Date: 2024-07-17
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
Siemens SCALANCE XCM-/XRM-300
ICS Advisory
##
Siemens SCALANCE XCM-/XRM-300
Release DateFebruary 15, 2024
Alert CodeICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Microsoft
It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.
vendor_msrc·2024-01-09·CVSS 7.8
CVE-2022-2586 [MEDIUM] CWE-416 It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.
It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
ca
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
cisa_ics·2023-06-15·CVSS 5.5
[MEDIUM] Siemens SIMATIC S7-1500 TM MFP Linux Kernel
ICS Advisory
##
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
Release DateJune 15, 2023
Alert CodeICSA-23-166-11
## As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity / public exploits available
- Vendor: Siemens ProductCERT
- Equipment: SIMATIC S7-1500 TM MFP
- Vulnerabilities: Multiple vulnerabilities
## 2. RISK EVALUATION
Exploitation of these vulnerabilities could lead to denial-of-service, crashing t
Ubuntu
Linux kernel (Azure CVM) vulnerabilities
vendor_ubuntu·2022-08-25·CVSS 4.4
CVE-2022-1974 [MEDIUM] Linux kernel (Azure CVM) vulnerabilities
Title: Linux kernel (Azure CVM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a us
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2022-08-24·CVSS 6.7
CVE-2022-2586 [MEDIUM] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)
Ziming Zhang discovered that the netfilter subsystem in the Linux kernel
did not properly validate sets with multiple ranged fields. A local
attacker could use this to cause a denial of service or execute arbitrary
code.(CVE-2022-1972)
It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacke
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 5.3
CVE-2022-2588 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 7.8
CVE-2022-1734 [HIGH] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 4.4
CVE-2022-1048 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not p
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 7.8
CVE-2022-2586 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 5.3
CVE-2022-2588 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
k
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 4.4
CVE-2022-1975 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not p
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 4.4
CVE-2022-1734 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not p
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-09·CVSS 5.3
CVE-2022-2588 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
Instructions: After a standard system update you need to reboot your computer
Red Hat
kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
vendor_redhat·2022-08-09·CVSS 5.3
CVE-2022-2586 [MEDIUM] CWE-416 kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Package: kern
Debian
CVE-2022-50213: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...
vendor_debian·2022·CVSS 5.3
CVE-2022-50213 [MEDIUM] CVE-2022-50213: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.
Scope: local
bookworm: resolved (fixed in 6.0.2-1)
bullseye: resolved (fixed in 5.10.140-1)
forky: resolved (fixed in 6.0.2-1)
sid: resolved (fixed in 6.0.2-1)
trixie: resolved (fixed in 6.0.2-1)
Debian
CVE-2022-2586: linux - It was discovered that a nft object or expression could reference a nft set on a...
vendor_debian·2022·CVSS 5.3
CVE-2022-2586 [MEDIUM] CVE-2022-2586: linux - It was discovered that a nft object or expression could reference a nft set on a...
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
Scope: local
bookworm: resolved (fixed in 5.18.16-1)
bullseye: resolved (fixed in 5.10.136-1)
forky: resolved (fixed in 5.18.16-1)
sid: resolved (fixed in 5.18.16-1)
trixie: resolved (fixed in 5.18.16-1)
No detection rules found.
No public exploits indexed.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586https://lore.kernel.org/netfilter-devel/[email protected]/T/#thttps://ubuntu.com/security/notices/USN-5557-1https://ubuntu.com/security/notices/USN-5560-1https://ubuntu.com/security/notices/USN-5560-2https://ubuntu.com/security/notices/USN-5562-1https://ubuntu.com/security/notices/USN-5564-1https://ubuntu.com/security/notices/USN-5565-1https://ubuntu.com/security/notices/USN-5566-1https://ubuntu.com/security/notices/USN-5567-1https://ubuntu.com/security/notices/USN-5582-1https://www.openwall.com/lists/oss-security/2022/08/09/5https://www.zerodayinitiative.com/advisories/ZDI-22-1118/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586https://lore.kernel.org/netfilter-devel/[email protected]/T/#thttps://ubuntu.com/security/notices/USN-5557-1https://ubuntu.com/security/notices/USN-5560-1https://ubuntu.com/security/notices/USN-5560-2https://ubuntu.com/security/notices/USN-5562-1https://ubuntu.com/security/notices/USN-5564-1https://ubuntu.com/security/notices/USN-5565-1https://ubuntu.com/security/notices/USN-5566-1https://ubuntu.com/security/notices/USN-5567-1https://ubuntu.com/security/notices/USN-5582-1https://www.openwall.com/lists/oss-security/2022/08/09/5https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586https://www.zerodayinitiative.com/advisories/ZDI-22-1118/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586
2024-01-08
Published
2024-06-26
Added to CISA KEV
Exploited in the wild