CVE-2022-49048

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix panic when forwarding a pkt with no in6 dev

kongweibin reported a kernel panic in ip6_forward() when input interface has no in6 dev associated.

The following tc commands were used to reproduce this panic: tc qdisc del dev vxlan100 root tc qdisc add dev vxlan100 root netem corrupt 5%

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbff0854e2f804f68d3e93d19e4580dbd69777e1d < 74b68f5249f16c5f7f675d0f604fa6ae20e3a151affected
LinuxLinux7f4848229e91d508102b30396b8a1b710ac23637 < ab2f5afb7af5c68389e8c7dd29e0a98fbeaaa435affected
LinuxLinux79ec7b5b2f4fe38e5c7459ed0bdff4ef3386ab63 < a263712ba8c9ded25dd9d2d5ced11bcea5b33a3eaffected
LinuxLinuxccd27f05ae7b8ebc40af5b004e94517a919aa862 < adee01bbf6cb5b3e4ed08be8ff866aac90f13836affected
LinuxLinuxccd27f05ae7b8ebc40af5b004e94517a919aa862 < e69fb3de87a8923e5931a272a38fa3cceb01da44affected
LinuxLinuxccd27f05ae7b8ebc40af5b004e94517a919aa862 < e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0affected
LinuxLinux350e10d217337480158b604bbf6601c50ed161c6affected
LinuxLinux4.19.199 < 4.19.239affected
LinuxLinux5.4.136 < 5.4.190affected
LinuxLinux5.10.54 < 5.10.112affected
LinuxLinux5.13.6 < 5.14affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux4.19.239 <= 4.19.*unaffected
LinuxLinux5.4.190 <= 5.4.*unaffected
LinuxLinux5.10.112 <= 5.10.*unaffected
LinuxLinux5.15.35 <= 5.15.*unaffected
LinuxLinux5.17.4 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

References