CVE-2022-49691
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
24/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
erspan: do not assume transport header is always set<br />
<br />
Rewrite tests in ip6erspan_tunnel_xmit() and<br />
erspan_fb_xmit() to not assume transport header is set.<br />
<br />
syzbot reported:<br />
<br />
WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 skb_transport_header include/linux/skbuff.h:2911 [inline]<br />
WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 ip6erspan_tunnel_xmit+0x15af/0x2eb0 net/ipv6/ip6_gre.c:963<br />
Modules linked in:<br />
CPU: 0 PID: 1350 Comm: aoe_tx0 Not tainted 5.19.0-rc2-syzkaller-00160-g274295c6e53f #0<br />
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014<br />
RIP: 0010:skb_transport_header include/linux/skbuff.h:2911 [inline]<br />
RIP: 0010:ip6erspan_tunnel_xmit+0x15af/0x2eb0 net/ipv6/ip6_gre.c:963<br />
Code: 0f 47 f0 40 88 b5 7f fe ff ff e8 8c 16 4b f9 89 de bf ff ff ff ff e8 a0 12 4b f9 66 83 fb ff 0f 85 1d f1 ff ff e8 71 16 4b f9 0b e9 43 f0 ff ff e8 65 16 4b f9 48 8d 85 30 ff ff ff ba 60 00<br />
RSP: 0018:ffffc90005daf910 EFLAGS: 00010293<br />
RAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000<br />
RDX: ffff88801f032100 RSI: ffffffff882e8d3f RDI: 0000000000000003<br />
RBP: ffffc90005dafab8 R08: 0000000000000003 R09: 000000000000ffff<br />
R10: 000000000000ffff R11: 0000000000000000 R12: ffff888024f21d40<br />
R13: 000000000000a288 R14: 00000000000000b0 R15: ffff888025a2e000<br />
FS: 0000000000000000(0000) GS:ffff88802c800000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 0000001b2e425000 CR3: 000000006d099000 CR4: 0000000000152ef0<br />
Call Trace:<br />
<br />
__netdev_start_xmit include/linux/netdevice.h:4805 [inline]<br />
netdev_start_xmit include/linux/netdevice.h:4819 [inline]<br />
xmit_one net/core/dev.c:3588 [inline]<br />
dev_hard_start_xmit+0x188/0x880 net/core/dev.c:3604<br />
sch_direct_xmit+0x19f/0xbe0 net/sched/sch_generic.c:342<br />
__dev_xmit_skb net/core/dev.c:3815 [inline]<br />
__dev_queue_xmit+0x14a1/0x3900 net/core/dev.c:4219<br />
dev_queue_xmit include/linux/netdevice.h:2994 [inline]<br />
tx+0x6a/0xc0 drivers/block/aoe/aoenet.c:63<br />
kthread+0x1e7/0x3b0 drivers/block/aoe/aoecmd.c:1229<br />
kthread+0x2e9/0x3a0 kernel/kthread.c:376<br />
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302<br />
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.18 (including) | 4.19.250 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.202 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.127 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.51 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.18.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/02da602bc2f353dccd9e489a604490034ded941e
- https://git.kernel.org/stable/c/2c8aeffc7c586d53e1d380f010bdca4f710f2480
- https://git.kernel.org/stable/c/301bd140ed0b24f0da660874c7e8a47dad8c8222
- https://git.kernel.org/stable/c/a3b2470399f679587c45abe56e551caf10becca2
- https://git.kernel.org/stable/c/cec9867ee55478ef5dcb2adf030fe0c442a4c4ee
- https://git.kernel.org/stable/c/fb401f37f6eadf24956d93687e5758c163c0d12b