CVE-2022-49008
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
In can327_feed_frame_to_netdev(), it did not free the skb when netdev is down, and all callers of can327_feed_frame_to_netdev() did not free allocated skb too. That would trigger skb leak.
Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev is down. Not tested, just compiled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 43da2f07622f41376c7ddab8f73dc2b1d3ab9715 < 797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08 | affected |
| Linux | Linux | 43da2f07622f41376c7ddab8f73dc2b1d3ab9715 < 8fa452cfafed521aaf5a18c71003fe24b1ee6141 | affected |
| Linux | Linux | 6.0 | affected |
| Linux | Linux | 0 < 6.0 | unaffected |
| Linux | Linux | 6.0.12 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08
- https://git.kernel.org/stable/c/8fa452cfafed521aaf5a18c71003fe24b1ee6141
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.