{"id":"CVE-2022-2586","details":"It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.","modified":"2026-04-03T13:14:45.036185311Z","published":"2024-01-08T18:15:44.620Z","related":["ALSA-2022:7444","ALSA-2022:7683","ALSA-2022:7933","ALSA-2022:8267","MGASA-2022-0305","MGASA-2022-0308","SUSE-SU-2022:3585-1","SUSE-SU-2022:3609-1","SUSE-SU-2022:3704-1","SUSE-SU-2022:3775-1","SUSE-SU-2022:3809-1","SUSE-SU-2022:3844-1","SUSE-SU-2022:4617-1","SUSE-SU-2024:0113-1","SUSE-SU-2024:0117-1","SUSE-SU-2024:0118-1","SUSE-SU-2024:0120-1","SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02537-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5557-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5560-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5562-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5564-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5560-2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5566-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5582-1"},{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5565-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5567-1"},{"type":"FIX","url":"https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2022/08/09/5"},{"type":"EVIDENCE","url":"https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2586.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.19.17"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"22.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}