ghsa-j95h-gr5v-mg6j
Vulnerability from github
Published
2025-06-18 12:30
Modified
2025-06-18 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: do not allow SET_ID to refer to another table

When doing lookups for sets on the same batch by using its ID, a set from a different table can be used.

Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free.

When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table.

This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50213"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:52Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow SET_ID to refer to another table\n\nWhen doing lookups for sets on the same batch by using its ID, a set from a\ndifferent table can be used.\n\nThen, when the table is removed, a reference to the set may be kept after\nthe set is freed, leading to a potential use-after-free.\n\nWhen looking for sets by ID, use the table that was used for the lookup by\nname, and only return sets belonging to that same table.\n\nThis fixes CVE-2022-2586, also reported as ZDI-CAN-17470.",
  "id": "GHSA-j95h-gr5v-mg6j",
  "modified": "2025-06-18T12:30:56Z",
  "published": "2025-06-18T12:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50213"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d07039397527361850c554c192e749cfc879ea9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a4b18b1ff11ba26f9a852019d674fde9d1d1cff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/77d3b5038b7462318f5183e2ad704b01d57215a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/faafd9286f1355c76fe9ac3021c280297213330e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fab2f61cc3b0e441b1749f017cfee75f9bbaded7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.