CVE-2022-48933 netfilter: nf_tables: fix memory leak during stateful obj update

2024-08-2203:31:27

Linux

www.cve.org

linux kernel

netfilter

nf_tables

memory leak

stateful objects

control plane

transaction logic

module refcount

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix memory leak during stateful obj update

stateful objects can be updated from the control plane.
The transaction logic allocates a temporary object for this purpose.

The ->init function was called for this object, so plain kfree() leaks
resources. We must call ->destroy function of the object.

nft_obj_destroy does this, but it also decrements the module refcount,
but the update path doesn’t increment it.

To avoid special-casing the update object release, do module_get for
the update case too and release it via nft_obj_destroy().

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/netfilter/nf_tables_api.c"
    ],
    "versions": [
      {
        "version": "d62d0ba97b58",
        "lessThan": "53026346a94c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d62d0ba97b58",
        "lessThan": "7e9880e81d3f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d62d0ba97b58",
        "lessThan": "e96e204ee6fa",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d62d0ba97b58",
        "lessThan": "34bb90e407e3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d62d0ba97b58",
        "lessThan": "dad3bdeef45f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/netfilter/nf_tables_api.c"
    ],
    "versions": [
      {
        "version": "5.4",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.4",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.182",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.103",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.26",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.12",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]