Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2022-48748
HistoryJun 20, 2024 - 11:13 a.m.

CVE-2022-48748 net: bridge: vlan: fix memory leak in __allowed_ingress

2024-06-2011:13:30
Linux
www.cve.org
1
linux kernel
vulnerability
memory leak
network bridge
per-vlan state
vlan snooping
untagged frame
priority-tagged frame
skb memory

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: vlan: fix memory leak in __allowed_ingress

When using per-vlan state, if vlan snooping and stats are disabled,
untagged or priority-tagged ingress frame will go to check pvid state.
If the port state is forwarding and the pvid state is not
learning/forwarding, untagged or priority-tagged frame will be dropped
but skb memory is not freed.
Should free skb when __allowed_ingress returns false.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/bridge/br_vlan.c"
    ],
    "versions": [
      {
        "version": "a580c76d534c",
        "lessThan": "446ff1fc37c7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a580c76d534c",
        "lessThan": "c5e216e880fa",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a580c76d534c",
        "lessThan": "14be8d448fca",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a580c76d534c",
        "lessThan": "fd20d9738395",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/bridge/br_vlan.c"
    ],
    "versions": [
      {
        "version": "5.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.96",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.19",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.5",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 1
nvd 1
ubuntucve 1
debiancve 1
cve 1
vulnrichment 1
redhatcve
redhatcve
CVE-2022-48748
2024-06-20 13:56:37
nvd
nvd
CVE-2022-48748
2024-06-20 12:15:13
ubuntucve
ubuntucve
CVE-2022-48748
2024-06-20 00:00:00
debiancve
debiancve
CVE-2022-48748
2024-06-20 12:15:13
cve
cve
CVE-2022-48748
2024-06-20 12:15:13
vulnrichment
vulnrichment
CVE-2022-48748 net: bridge: vlan: fix memory leak in __allowed_ingress
2024-06-20 11:13:30

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for CVELIST:CVE-2022-48748
redhatcve1nvd1ubuntucve1debiancve1cve1vulnrichment1