CVE-2022-49853
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: macvlan: fix memory leaks of macvlan_common_newlink
kmemleak reports memory leaks in macvlan_common_newlink, as follows:
ip link add link eth0 name .. type macvlan mode source macaddr add <MAC-ADDR>
kmemleak reports:
unreferenced object 0xffff8880109bb140 (size 64): comm "ip", pid 284, jiffies 4294986150 (age 430.108s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ……….Z….. 80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b …………..kk backtrace: [<ffffffff813e06a7>] kmem_cache_alloc_trace+0x1c7/0x300 [<ffffffff81b66025>] macvlan_hash_add_source+0x45/0xc0 [<ffffffff81b66a67>] macvlan_changelink_sources+0xd7/0x170 [<ffffffff81b6775c>] macvlan_common_newlink+0x38c/0x5a0 [<ffffffff81b6797e>] macvlan_newlink+0xe/0x20 [<ffffffff81d97f8f>] __rtnl_newlink+0x7af/0xa50 [<ffffffff81d98278>] rtnl_newlink+0x48/0x70 …
In the scenario where the macvlan mode is configured as 'source', macvlan_changelink_sources() will be execured to reconfigure list of remote source mac addresses, at the same time, if register_netdevice() return an error, the resource generated by macvlan_changelink_sources() is not cleaned up.
Using this patch, in the case of an error, it will execute macvlan_flush_sources() to ensure that the resource is cleaned up.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < 9f288e338be206713d79b29144c27fca4503c39b | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < 21d3a8b6a1e39e7529ce9de07316ee13a63f305b | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < a81b44d1df1f07f00c0dcc0a0b3d2fa24a46289e | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < 685e73e3f7a9fb75cbf049a9d0b7c45cc6b57b2e | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < 956e0216a19994443c90ba2ea6b0b284c9c4f9cb | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < a8d67367ab33604326cc37ab44fd1801bf5691ba | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < 9ea003c4671b2fc455320ecf6d4a43b0a3c1878a | affected |
| Linux | Linux | aa5fd0fb77486b8a6764ead8627baa14790e4280 < 23569b5652ee8e8e55a12f7835f59af6f3cefc30 | affected |
| Linux | Linux | 4.9 | affected |
| Linux | Linux | 0 < 4.9 | unaffected |
| Linux | Linux | 4.9.334 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.300 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.267 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.225 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.155 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.79 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.9 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/9f288e338be206713d79b29144c27fca4503c39b
- https://git.kernel.org/stable/c/21d3a8b6a1e39e7529ce9de07316ee13a63f305b
- https://git.kernel.org/stable/c/a81b44d1df1f07f00c0dcc0a0b3d2fa24a46289e
- https://git.kernel.org/stable/c/685e73e3f7a9fb75cbf049a9d0b7c45cc6b57b2e
- https://git.kernel.org/stable/c/956e0216a19994443c90ba2ea6b0b284c9c4f9cb
- https://git.kernel.org/stable/c/a8d67367ab33604326cc37ab44fd1801bf5691ba
- https://git.kernel.org/stable/c/9ea003c4671b2fc455320ecf6d4a43b0a3c1878a
- https://git.kernel.org/stable/c/23569b5652ee8e8e55a12f7835f59af6f3cefc30
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.