CVE-2022-49020

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/9p: Fix a potential socket leak in p9_socket_open

Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak.

This patch adds sock_release() to fix the leak issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < 0396227f4daf4792a6a8aaa3b7771dc25c4cd443affected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < ded893965b895b2dccd3d1436d8d3daffa23ea64affected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < 8b14bd0b500aec1458b51cb621c8e5fab3304260affected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < 2d24d91b9f44620824fc37b766f7cae00ca32748affected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < e01c1542379fb395e7da53706df598f38905dfbfaffected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < 8782b32ef867de7981bbe9e86ecb90e92e8780bdaffected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < aa08323fe18cb7cf95317ffa2d54ca1de8e74ebdaffected
LinuxLinux6b18662e239a032f908b7f6e164bdf7e2e0a32c9 < dcc14cfd7debe11b825cb077e75d91d2575b4cb8affected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux4.9.335 <= 4.9.*unaffected
LinuxLinux4.14.301 <= 4.14.*unaffected
LinuxLinux4.19.268 <= 4.19.*unaffected
LinuxLinux5.4.226 <= 5.4.*unaffected
LinuxLinux5.10.158 <= 5.10.*unaffected
LinuxLinux5.15.82 <= 5.15.*unaffected
LinuxLinux6.0.12 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References