๐Ÿ” CVE Alert

CVE-2022-2586

MEDIUM 5.3 โš ๏ธ CISA KEV
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

CWE CWE-416
Vendor the linux kernel organization
Product linux
Published Jan 8, 2024
Last Updated Oct 21, 2025
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for the linux kernel organization linux

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2022-2586.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Affected Versions

The Linux Kernel Organization / linux
0 < 6.0~rc1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
ubuntu.com: https://ubuntu.com/security/notices/USN-5564-1 ubuntu.com: https://ubuntu.com/security/notices/USN-5560-2 ubuntu.com: https://ubuntu.com/security/notices/USN-5582-1 ubuntu.com: https://ubuntu.com/security/notices/USN-5567-1 ubuntu.com: https://ubuntu.com/security/notices/USN-5560-1 ubuntu.com: https://ubuntu.com/security/notices/USN-5566-1 openwall.com: https://www.openwall.com/lists/oss-security/2022/08/09/5 ubuntu.com: https://ubuntu.com/security/notices/USN-5565-1 zerodayinitiative.com: https://www.zerodayinitiative.com/advisories/ZDI-22-1118/ lore.kernel.org: https://lore.kernel.org/netfilter-devel/[email protected]/T/#t ubuntu.com: https://ubuntu.com/security/notices/USN-5562-1 ubuntu.com: https://ubuntu.com/security/notices/USN-5557-1 cve.mitre.org: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586 vicarius.io: https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586

Credits

Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative