Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-2586
HistoryJan 08, 2024 - 6:15 p.m.

CVE-2022-2586

2024-01-0818:15:44
Debian Security Bug Tracker
security-tracker.debian.org
160
cve-2022-2586
use-after-free
nft table
unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.008

Percentile

82.4%

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.008

Percentile

82.4%