CVE-2022-49958

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: fix netdevice reference leaks in attach_default_qdiscs()<br /> <br /> In attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails<br /> to attach qdisc because there is no memory in attach_one_default_qdisc().<br /> Then dev-&gt;qdisc will be noop_qdisc by default. But the other queues may be<br /> able to successfully attach to default qdisc.<br /> <br /> In this case, the fallback to noqueue process will be triggered. If the<br /> original attached qdisc is not released and a new one is directly<br /> attached, this will cause netdevice reference leaks.<br /> <br /> The following is the bug log:<br /> <br /> veth0: default qdisc (fq_codel) fail, fallback to noqueue<br /> unregister_netdevice: waiting for veth0 to become free. Usage count = 32<br /> leaked reference.<br /> qdisc_alloc+0x12e/0x210<br /> qdisc_create_dflt+0x62/0x140<br /> attach_one_default_qdisc.constprop.41+0x44/0x70<br /> dev_activate+0x128/0x290<br /> __dev_open+0x12a/0x190<br /> __dev_change_flags+0x1a2/0x1f0<br /> dev_change_flags+0x23/0x60<br /> do_setlink+0x332/0x1150<br /> __rtnl_newlink+0x52f/0x8e0<br /> rtnl_newlink+0x43/0x70<br /> rtnetlink_rcv_msg+0x140/0x3b0<br /> netlink_rcv_skb+0x50/0x100<br /> netlink_unicast+0x1bb/0x290<br /> netlink_sendmsg+0x37c/0x4e0<br /> sock_sendmsg+0x5f/0x70<br /> ____sys_sendmsg+0x208/0x280<br /> <br /> Fix this bug by clearing any non-noop qdiscs that may have been assigned<br /> before trying to re-attach.