Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-2586
HistoryAug 09, 2022 - 12:00 a.m.

CVE-2022-2586

2022-08-0900:00:00
ubuntu.com
ubuntu.com
47
cve-2022-2586
nft set reference
nft table deletion
zdi-can-17470
cwe-416
unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.008

Percentile

82.4%

It was discovered that a nft object or expression could reference a nft set
on a different nft table, leading to a use-after-free once that table was
deleted.

Notes

Author Note
sbeattie ZDI-CAN-17470
eslerm CWE-416
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-191.202UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-124.140UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-46.49UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-231.265UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1139.150UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1083.90UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1017.21UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1111.117UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1147.162UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1017.21~20.04.1UNKNOWN
Rows per page:
1-10 of 671

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.008

Percentile

82.4%