CVE-2022-50042

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: genl: fix error path memory leak in policy dumping

If construction of the array of policies fails when recording non-first policy we need to unwind.

netlink_policy_dump_add_policy() itself also needs fixing as it currently gives up on error without recording the allocated pointer in the pstate pointer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux50a896cf2d6f34e884a00139d6e6012c9833ace3 < 83411c9f05d5a8b637293b3389eca3d378197c04affected
LinuxLinux50a896cf2d6f34e884a00139d6e6012c9833ace3 < b0672895d8be5d19d4b05ac83f807026fc791037affected
LinuxLinux50a896cf2d6f34e884a00139d6e6012c9833ace3 < 26b6acd365823e99e46be3b27500f5dc235dda5eaffected
LinuxLinux50a896cf2d6f34e884a00139d6e6012c9833ace3 < 249801360db3dec4f73768c502192020bfddeaccaffected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.138 <= 5.10.*unaffected
LinuxLinux5.15.63 <= 5.15.*unaffected
LinuxLinux5.19.4 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References