CVE-2022-48911

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: fix possible use-after-free

Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0.

On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller.

v2: split skb prefetch hunk into separate change

Affected Software

VendorProductVersion RangeStatus
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < 21b27b2baa27423286e9b8d3f0b194d587083d95affected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < ef97921ccdc243170fcef857ba2a17cf697aece5affected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < 34dc4a6a7f261736ef7183868a5bddad31c7f9e3affected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < 43c25da41e3091b31a906651a43e80a2719aa1ffaffected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < 4d05239203fa38ea8a6f31e228460da4cb17a71aaffected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < dd648bd1b33a828f62befa696b206c688da0ec43affected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < dcc3cb920bf7ba66ac5e9272293a9ba5f80917eeaffected
LinuxLinux271b72c7fa82c2c7a795bc16896149933110672d < c3873070247d9e3c7a6b0cf9bf9b45e8018427b1affected
LinuxLinux2.6.29affected
LinuxLinux0 < 2.6.29unaffected
LinuxLinux4.9.305 <= 4.9.*unaffected
LinuxLinux4.14.270 <= 4.14.*unaffected
LinuxLinux4.19.233 <= 4.19.*unaffected
LinuxLinux5.4.183 <= 5.4.*unaffected
LinuxLinux5.10.104 <= 5.10.*unaffected
LinuxLinux5.15.27 <= 5.15.*unaffected
LinuxLinux5.16.13 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References