CVE-2022-49959
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/06/2025
Last modified:
18/06/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

openvswitch: fix memory leak at failed datapath creation

ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()
allocates array via kmalloc.
If for some reason new_vport() fails during ovs_dp_cmd_new()
dp->upcall_portids must be freed.
Add missing kfree.

Kmemleak example:
unreferenced object 0xffff88800c382500 (size 64):
  comm "dump_state", pid 323, jiffies 4294955418 (age 104.347s)
  hex dump (first 32 bytes):
    5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8.....
    03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(...
  backtrace:
    [] ovs_dp_set_upcall_portids+0x38/0xa0
    [] ovs_dp_change+0x63/0xe0
    [] ovs_dp_cmd_new+0x1f0/0x380
    [] genl_family_rcv_msg_doit+0xea/0x150
    [] genl_rcv_msg+0xdc/0x1e0
    [] netlink_rcv_skb+0x50/0x100
    [] genl_rcv+0x24/0x40
    [] netlink_unicast+0x23e/0x360
    [] netlink_sendmsg+0x24e/0x4b0
    [] sock_sendmsg+0x62/0x70
    [] ____sys_sendmsg+0x230/0x270
    [] ___sys_sendmsg+0x88/0xd0
    [] __sys_sendmsg+0x59/0xa0
    [] do_syscall_64+0x3b/0x90
    [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
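
The error path described above, modelled in userspace C as an added example (it is not the kernel patch and not code from this advisory). Every `model_*` name, the allocation counter standing in for kmemleak, and the `with_fix` switch are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every model_* name is hypothetical, not kernel code. */
static int live_allocs; /* outstanding allocations; plays the role of kmemleak */

static void *model_alloc(size_t n)
{
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void model_free(void *p)
{
    if (p) { live_allocs--; free(p); }
}

struct model_dp { unsigned int *upcall_portids; };

/* Stand-in for the settings step that allocates the upcall port-id array. */
static int model_set_upcall_portids(struct model_dp *dp, size_t n)
{
    dp->upcall_portids = model_alloc(n * sizeof(*dp->upcall_portids));
    return dp->upcall_portids ? 0 : -ENOMEM;
}

/* Create a datapath; returns allocations still live, or -1 if dp cannot be allocated. */
static int model_dp_create(int fail_vport, int with_fix)
{
    struct model_dp *dp;

    live_allocs = 0;
    dp = model_alloc(sizeof(*dp));
    if (!dp) return -1;
    if (model_set_upcall_portids(dp, 4)) goto err_free_dp;
    if (fail_vport) goto err_free_portids;   /* stand-in for new_vport() failing */
    model_free(dp->upcall_portids);          /* success: ordinary teardown */
    model_free(dp);
    return live_allocs;
err_free_portids:
    if (with_fix) model_free(dp->upcall_portids); /* the kfree the fix adds */
err_free_dp:
    model_free(dp);
    return live_allocs;
}

int main(void) { printf("leaked without fix: %d, with fix: %d\n", model_dp_create(1, 0), model_dp_create(1, 1)); return 0; }
```

Without the extra free, each failed creation leaves one array allocation unreferenced, which is what the kmemleak report above records for the real code path.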