CVE-2022-2588

CWE-416Use After FreeCWE-41527 documents8 sources
Severity
7.8HIGH
EPSS
54.4%
top 1.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Linux Kernel Organization LinuxLinux Linux KernelCanonical Ubuntu Linux
Timeline
PublishedJan 8
Latest updateJan 9

Description

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.0 | Impact: 4.2

Affected Packages30 packages

NVDlinux/linux_kernel4.104.14.291+7
Debianlinux< 5.10.136-1+3
Ubuntulinux< 4.15.0-191.202+2
Ubuntulinux-aws< 4.15.0-1139.150+3

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04

Patches

Patch: lore.kernel.orgPatch: lore.kernel.org

🔴Vulnerability Details

12
CVEList
CVE-2022-2588: It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if2024-01-08
OSV
CVE-2022-2588: It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if2024-01-08
OSV
linux-azure-fde vulnerabilities2022-08-25
OSV
linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities2022-08-10
OSV
linux-oem-5.14, linux-oem-5.17 vulnerabilities2022-08-10

📋Vendor Advisories

14
Microsoft
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.2024-01-09
Ubuntu
Linux kernel vulnerability2022-08-30
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2022-08-25
Ubuntu
Kernel Live Patch Security Notice2022-08-24
Ubuntu
Linux kernel vulnerabilities2022-08-10
CVE-2022-2588 (HIGH CVSS 7.8) | It was discovered that the cls_rout | cvebase.io