【Vulnerability Alert】High-Risk Security Vulnerability in Linux Kernel (CVE-2022-2586)

【Vulnerability Alert】High-Risk Security Vulnerability in Linux Kernel (CVE-2022-2586) – Immediate Update Required!

publish date : 2024-07-08 update date : 2024-07-08

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024070503074949	Publication Time	2024/07/05 15:03
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/07/05 15:03
Impact Level	Medium
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability in Linux Kernel (CVE-2022-2586) – Immediate Update Required!
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202407-00000064 Researchers have discovered a use-after-free vulnerability (CVE-2022-2586) in the nftables (NF_Tables) of the Linux kernel. Local attackers with standard user privileges can exploit this vulnerability to gain administrative privileges. The vulnerability has already been exploited by hackers. Please verify and patch immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Linux kernel versions up to and including 5.19.17
[Recommended Actions] The official patch for this vulnerability has been released. Please refer to the following URL for the patch: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/ As there are many operating systems using Linux, please refer to the respective vendor announcements for update methods. Below are the official announcements for common operating systems: ● Ubuntu https://ubuntu.com/security/CVE-2022-2586 ● Debian https://security-tracker.debian.org/tracker/CVE-2022-2586 ● Red Hat https://access.redhat.com/errata/RHSA-2024:0724 ● Fefora https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUQKTPH7LFK5E2J3I73LHDSUS2357P3U/
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2022-258 2. https://ubuntu.com/security/CVE-2022-2586 3. https://security-tracker.debian.org/tracker/CVE-2022-2586 4. https://access.redhat.com/errata/RHSA-2024:0724 5. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUQKTPH7LFK5E2J3I73LHDSUS2357P3U/

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center