CVE-2022-2586

Description

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

CVSS Version 3.1

nvd
CVE ID: CVE-2022-2586
Base Score: 7.8
Base Severity: HIGH
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8

ubuntu
CVE ID: CVE-2022-2586
Base Score: 5.3
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Impact Score: 4.2
Exploitability Score: 1.0

Proof Of Concept

aels

CVE-2022-2586: Linux kernel nft_object UAF

Refrence: GitHub

sniper404ghostxploit

gcc exploit.c -o exploit -lmnl -lnftnl -no-pie -lpthread

Refrence: GitHub

Content on GitHub

pirenga | watchers:7

2022-LPE-UAF
CVE-2022-2588,CVE-2022-2586,CVE-2022-2585

Refrence: GitHub

konoha279 | watchers:4

2022-LPE-UAF
CVE-2022-2588,CVE-2022-2586,CVE-2022-2585

Refrence: GitHub

Refrence: NVD MITRE

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub