Linux Kernel Use-After-Free Vulnerability
Summary
| CVE | CVE-2022-2586 |
|---|---|
| State | RESERVED |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-01-08 18:15:00 UTC |
| Updated | 2024-01-12 16:21:00 UTC |
| Description | Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges. |
Risk And Classification
EPSS: 0.022170000 probability, percentile 0.844110000 (date 2026-04-01)
CISA KEV: Listed on 2024-06-26; due 2024-07-17; ransomware use Unknown
Problem Types: CWE-416
CISA Known Exploited Vulnerability
| Vendor | Linux |
|---|---|
| Product | Kernel |
| Name | Linux Kernel Use-After-Free Vulnerability |
| Required Action | Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. |
| Notes | This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131; https://nvd.nist.gov/vuln/detail/CVE-2022-2586 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 22.04 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-5560-2: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| USN-5582-1: Linux kernel (Azure CVM) vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| ZDI-22-1118 \| Zero Day Initiative | | www.zerodayinitiative.com | Third Party Advisory, VDB Entry |
| USN-5564-1: Linux kernel (Intel IoTG) vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| USN-5566-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| USN-5560-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| CVE - CVE-2022-2586 | | cve.mitre.org | Third Party Advisory |
| USN-5562-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| USN-5567-1: Linux kernel (OEM) vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| USN-5565-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| oss-security - CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF | | www.openwall.com | Mailing List |
| [PATCH 1/3] netfilter: nf_tables: do not allow SET_ID to refer to another table | | lore.kernel.org | Mailing List, Patch |
| USN-5557-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | | ubuntu.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160106 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9827)
- 160107 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9828)
- 160108 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9829)
- 160109 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9830)
- 160210 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-7683)
- 160270 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-8267)
- 180938 Debian Security Update for linux (DSA 5207-1)
- 181002 Debian Security Update for linux-5.10 (DLA 3102-1)
- 181091 Debian Security Update for linux (DLA 3131-1)
- 182513 Debian Security Update for linux (CVE-2022-2586)
- 198891 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5560-1)
- 198892 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5567-1)
- 198894 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5566-1)
- 198895 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5562-1)
- 198896 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5565-1)
- 198897 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5564-1)
- 198911 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5582-1)
- 240815 Red Hat Update for kernel-rt (RHSA-2022:7444)
- 240817 Red Hat Update for kernel security (RHSA-2022:7683)
- 240869 Red Hat Update for kernel-rt (RHSA-2022:7933)
- 240904 Red Hat Update for kernel security (RHSA-2022:8267)
- 242890 Red Hat Update for kernel (RHSA-2024:0724)
- 283034 Fedora Security Update for kernel (FEDORA-2022-9bbb1d9b7b)
- 283035 Fedora Security Update for kernel (FEDORA-2022-484e226872)
- 354060 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-035
- 354081 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-036
- 354082 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2022-008
- 354084 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-020
- 354439 Amazon Linux Security Advisory for kernel : ALAS2022-2022-150
- 354468 Amazon Linux Security Advisory for kernel : ALAS2022-2022-185
- 354542 Amazon Linux Security Advisory for kernel : ALAS-2022-185
- 355199 Amazon Linux Security Advisory for kernel : ALAS2023-2023-070
- 355545 Amazon Linux Security Advisory for kernel : ALAS2-2023-2100
- 355557 Amazon Linux Security Advisory for kernel : ALAS-2023-1773
- 377012 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0036)
- 377117 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)
- 377871 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0001)
- 377891 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0002)
- 6140022 AWS Bottlerocket Security Update for kernel (GHSA-j7qm-552q-93v3)
- 6140134 AWS Bottlerocket Security Update for kernel (GHSA-j7qm-552q-93v3)
- 672278 EulerOS Security Update for kernel (EulerOS-SA-2022-2686)
- 672286 EulerOS Security Update for kernel (EulerOS-SA-2022-2654)
- 672354 EulerOS Security Update for kernel (EulerOS-SA-2022-2732)
- 672391 EulerOS Security Update for kernel (EulerOS-SA-2022-2767)
- 672410 EulerOS Security Update for kernel (EulerOS-SA-2022-2796)
- 752708 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3704-1)
- 752724 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3775-1)
- 752750 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3844-1)
- 753063 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4617-1)
- 753095 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3585-1)
- 753370 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3609-1)
- 753374 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)
- 755605 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0120-1)
- 755606 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0117-1)
- 940732 AlmaLinux Security Update for kernel (ALSA-2022:7683)
- 940766 AlmaLinux Security Update for kernel-rt (ALSA-2022:7444)
- 940798 AlmaLinux Security Update for kernel (ALSA-2022:8267)
- 940843 AlmaLinux Security Update for kernel-rt (ALSA-2022:7933)
- 960176 Rocky Linux Security Update for kernel-rt (RLSA-2022:7444)
- 960184 Rocky Linux Security Update for kernel (RLSA-2022:7683)