CVE-2022-48809

2024-07-16 12:15:05
CWE-401
Linux
web.nvd.nist.gov
Tags: linux kernel, vulnerability, memory leak, uncloning, socket buffer, metadata

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.4
Confidence: Low

EPSS: 0
Percentile: 5.0%

In the Linux kernel, the following vulnerability has been resolved:

net: fix a memleak when uncloning an skb dst and its metadata

When uncloning an skb dst and its associated metadata, a new
dst+metadata is allocated and later replaces the old one in the skb.
This is helpful to have a non-shared dst+metadata attached to a specific
skb.

The issue is the uncloned dst+metadata is initialized with a refcount of
1, which is increased to 2 before attaching it to the skb. When
tun_dst_unclone returns, the dst+metadata is only referenced from a
single place (the skb) while its refcount is 2. Its refcount will never
drop to 0 (when the skb is consumed), leading to a memory leak.

Fix this by removing the call to dst_hold in tun_dst_unclone, as the
dst+metadata refcount is already 1.
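
A userspace model of the refcount imbalance described above, added here as an illustration; it is not kernel code or the upstream patch. All `model_*` names and the `extra_hold` switch are hypothetical, and the original dst is assumed to be referenced only by the skb.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: a refcounted object standing in for dst+metadata. */
struct model_dst { int refcnt; };
struct model_skb { struct model_dst *dst; };
static int live_objects;              /* allocated and not yet freed */

static struct model_dst *model_dst_alloc(void)
{
    struct model_dst *d = malloc(sizeof(*d));
    if (!d)
        abort();
    d->refcnt = 1;                    /* a new object starts with one reference */
    live_objects++;
    return d;
}

static void model_dst_hold(struct model_dst *d) { d->refcnt++; }

static void model_dst_release(struct model_dst *d)
{
    if (--d->refcnt == 0) {           /* freed only when the count reaches 0 */
        free(d);
        live_objects--;
    }
}

/* Replace the skb's dst with a private copy.
 * extra_hold = 1 models the pre-fix behaviour, 0 the fixed behaviour. */
static void model_unclone(struct model_skb *skb, int extra_hold)
{
    struct model_dst *new_d = model_dst_alloc();
    if (extra_hold)
        model_dst_hold(new_d);        /* count is 2, but only the skb owns it */
    model_dst_release(skb->dst);      /* skb drops its reference to the old dst */
    skb->dst = new_d;
}

/* Unclone, then consume the skb; returns the number of leaked objects. */
static int leaked_after_consume(int extra_hold)
{
    struct model_skb skb;
    live_objects = 0;
    skb.dst = model_dst_alloc();
    model_unclone(&skb, extra_hold);
    model_dst_release(skb.dst);       /* consuming the skb drops its single ref */
    return live_objects;
}

int main(void) { printf("pre-fix: %d, fixed: %d\n", leaked_after_consume(1), leaked_after_consume(0)); return 0; }
```
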

Affected configurations

Node (vendor, product, version range):
linux linux_kernel Range 4.3 - 4.9.302
OR
linux linux_kernel Range 4.10 - 4.14.267
OR
linux linux_kernel Range 4.15 - 4.19.230
OR
linux linux_kernel Range 4.20 - 5.4.180
OR
linux linux_kernel Range 5.5 - 5.10.101
OR
linux linux_kernel Range 5.11 - 5.15.24
OR
linux linux_kernel Range 5.16 - 5.16.10

Vendor: linux
Product: linux_kernel
Version: *
CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "include/net/dst_metadata.h"
    ],
    "versions": [
      {
        "version": "fc4099f17240",
        "lessThan": "4ac84498fbe8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "c1ff27d100e2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "0be943916d78",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "a80817adc2a4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "00e6d6c3bc14",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "fdcb263fa5cd",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "8b1087b998e2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fc4099f17240",
        "lessThan": "9eeabdf17fa0",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "include/net/dst_metadata.h"
    ],
    "versions": [
      {
        "version": "4.3",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.3",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.302",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.267",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.230",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.180",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.101",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.24",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.10",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]
