Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-49871

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: tun: Fix memory leaks of napi_get_frags<br /> <br /> kmemleak reports after running test_progs:<br /> <br /> unreferenced object 0xffff8881b1672dc0 (size 232):<br /> comm "test_progs", pid 394388, jiffies 4354712116 (age 841.975s)<br /> hex dump (first 32 bytes):<br /> e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g.....<br /> 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@..............<br /> backtrace:<br /> [] napi_skb_cache_get+0xd4/0x150<br /> [] __napi_build_skb+0x15/0x50<br /> [] __napi_alloc_skb+0x26e/0x540<br /> [] napi_get_frags+0x59/0x140<br /> [] tun_get_user+0x183d/0x3bb0 [tun]<br /> [] tun_chr_write_iter+0xc0/0x1b1 [tun]<br /> [] do_iter_readv_writev+0x19f/0x320<br /> [] do_iter_write+0x135/0x630<br /> [] vfs_writev+0x12e/0x440<br /> [] do_writev+0x104/0x280<br /> [] do_syscall_64+0x3b/0x90<br /> [] entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> The issue occurs in the following scenarios:<br /> tun_get_user()<br /> napi_gro_frags()<br /> napi_frags_finish()<br /> case GRO_NORMAL:<br /> gro_normal_one()<br /> list_add_tail(&amp;skb-&gt;list, &amp;napi-&gt;rx_list);<br /> rx_count

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.267 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.225 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.155 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.79 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools