CVE-2022-2586: (Pwn2Own) Linux Kernel nft_object Use-After-Free Privilege Escalation Vulnerability
First published: Wed Aug 03 2022(Updated: )
A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-425.3.1.rt7.213.el8 | 0:4.18.0-425.3.1.rt7.213.el8 |
| redhat/kernel | <0:4.18.0-425.3.1.el8 | 0:4.18.0-425.3.1.el8 |
| redhat/kernel | <0:5.14.0-162.6.1.el9_1 | 0:5.14.0-162.6.1.el9_1 |
| redhat/kernel-rt | <0:5.14.0-162.6.1.rt21.168.el9_1 | 0:5.14.0-162.6.1.rt21.168.el9_1 |
| redhat/kernel | <6.0 | 6.0 |
| Linux kernel | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Linux Kernel | <=5.19.17 | |
| Linux Kernel | =6.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| Ubuntu | =22.04 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Remedy
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-2586 https://nvd.nist.gov/vuln/detail/CVE-2022-2586 https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t https://www.openwall.com/lists/oss-security/2022/08/09/5
- https://bugzilla.redhat.com/show_bug.cgi?id=2114878
- https://access.redhat.com/errata/RHSA-2022:7444
- https://access.redhat.com/errata/RHSA-2022:7683
- https://access.redhat.com/errata/RHSA-2022:8267
- https://access.redhat.com/errata/RHSA-2022:7933
- https://access.redhat.com/security/cve/cve-2022-2586
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
- https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
- https://ubuntu.com/security/notices/USN-5557-1
- https://ubuntu.com/security/notices/USN-5560-1
- https://ubuntu.com/security/notices/USN-5560-2
- https://ubuntu.com/security/notices/USN-5562-1
- https://ubuntu.com/security/notices/USN-5564-1
- https://ubuntu.com/security/notices/USN-5565-1
- https://ubuntu.com/security/notices/USN-5566-1
- https://ubuntu.com/security/notices/USN-5567-1
- https://ubuntu.com/security/notices/USN-5582-1
- https://www.openwall.com/lists/oss-security/2022/08/09/5
- https://www.zerodayinitiative.com/advisories/ZDI-22-1118/
- https://launchpad.net/bugs/cve/CVE-2022-2586
- https://seclists.org/oss-sec/2022/q3/114
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2117015
- https://access.redhat.com/errata/RHSA-2024:0724
- https://seclists.org/oss-sec/2022/q3/131;
- https://nvd.nist.gov/vuln/detail/CVE-2022-2586
- https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586
- https://security-tracker.debian.org/tracker/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-2586
- https://www.openwall.com/lists/oss-security/2022/08/29/5
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-2586?
CVE-2022-2586 is rated as a high severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2022-2586?
To fix CVE-2022-2586, update your system to the latest kernel versions as specified by your distribution's security advisories.
What types of systems are affected by CVE-2022-2586?
CVE-2022-2586 affects specific versions of the Linux kernel across various distributions, including Red Hat, Ubuntu, and Debian.
Can CVE-2022-2586 be exploited remotely?
No, CVE-2022-2586 requires local access to the system, making it exploit risk limited to privileged users.
What specifically causes the CVE-2022-2586 vulnerability?
CVE-2022-2586 is caused by a use-after-free flaw during the deletion of nf_tables, which can lead to system instability or privilege escalation.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/title
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-2586
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/trending
- agent/source
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup-request
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-1118
- alias/ZDI-CAN-17470
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- package-manager/debian
- version/linux kernel/5.19.17
- version/linux kernel/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/20.04
- version/ubuntu/22.04