CVE-2022-48742

Summary

In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()

While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free.

It is better to clear master_dev and m_ops inside the loop, in case we have to replay it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < 2cf180360d66bd657e606c1217e0e668e6faa303affected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < 7d9211678c0f0624f74cdff36117ab8316697bb8affected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < a01e60a1ec6bef9be471fb7182a33c6d6f124e93affected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < bd43771ee9759dd9dfae946bff190e2c5a120de5affected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < 3bbe2019dd12b8d13671ee6cda055d49637b4c39affected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < def5e7070079b2a214b3b1a2fbec623e6fbfe34aaffected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < 36a9a0aee881940476b254e0352581401b23f210affected
LinuxLinuxba7d49b1f0f8e5f24294a880ed576964059af5ef < c6f6f2444bdbe0079e41914a35081530d0409963affected
LinuxLinux3.14affected
LinuxLinux0 < 3.14unaffected
LinuxLinux4.9.300 <= 4.9.*unaffected
LinuxLinux4.14.265 <= 4.14.*unaffected
LinuxLinux4.19.228 <= 4.19.*unaffected
LinuxLinux5.4.177 <= 5.4.*unaffected
LinuxLinux5.10.97 <= 5.10.*unaffected
LinuxLinux5.15.20 <= 5.15.*unaffected
LinuxLinux5.16.6 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References