Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-50213

Опубликовано: 18 июн. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: do not allow SET_ID to refer to another table

When doing lookups for sets on the same batch by using its ID, a set from a different table can be used.

Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free.

When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table.

This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 3.16 (включая) до 4.19.256 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.20 (включая) до 5.4.211 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.5 (включая) до 5.10.137 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.61 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 5.18.18 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.19 (включая) до 5.19.2 (исключая)

EPSS

Процентиль: 3%
0.00017
Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2022-50213

CVSS3: 7.8
ubuntu
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

redhat логотип

CVE-2022-50213

CVSS3: 5.5
redhat
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

debian логотип

CVE-2022-50213

CVSS3: 7.8
debian
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

github логотип

GHSA-j95h-gr5v-mg6j

CVSS3: 7.8
github
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

suse-cvrf логотип

SUSE-SU-2025:02334-1

suse-cvrf
7 месяцев назад

Security update for the Linux Kernel

EPSS

Процентиль: 3%
0.00017
Низкий

7.8 High

CVSS3

Дефекты

CWE-416