CVE-2022-49183

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_ct: fix ref leak when switching zones

When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns false and tcf_ct_flow_table_lookup() may simply overwrite it.

The fix is to, as the ct entry is not reusable, free it already at tcf_ct_skb_nfct_cached().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0fc1847359964e95e521cf2bb2b10f8e33dd0970 < 9222a08be539cbb7a8e0d46cbc7ab9e4db273eb8affected
LinuxLinuxa95ea90deb3071c1ded77a05e91cfebc5238d908 < bcbf4e5c3b5b373cd61528392dd1ec8e9c0fd33daffected
LinuxLinuxe9408de00e5ecd0dbe91cf061c7da23711c4febb < 4bb42d73def9411e5cad885b9811987d72431df1affected
LinuxLinux2f131de361f6d0eaff17db26efdb844c178432f8 < b24793a37d91aacad7cb9893b226a7924a89636aaffected
LinuxLinux2f131de361f6d0eaff17db26efdb844c178432f8 < bcb74e132a76ce0502bb33d5b65533a4ed72d159affected
LinuxLinux5.10.103 < 5.10.258affected
LinuxLinux5.15.26 < 5.15.33affected
LinuxLinux5.16.12 < 5.16.19affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.33 <= 5.15.*unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References