CVE-2022-49622

Name: CVE-2022-49622

Description: In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: avoid skb access on nf_stolen

When verdict is NF_STOLEN, the skb might have been freed. When tracing is enabled, this can result in a use-after-free:

1. access to skb->nf_trace
2. access to skb->mark
3. computation of trace id
4. dump of packet payload

To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN. Avoid 2 by skipping skb->mark access if verdict is STOLEN. 3 is avoided by precomputing the trace id. Only dump the packet when verdict is not "STOLEN".

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | vulnerable |
| | bullseye (security) | 5.10.234-1 | vulnerable |
| | bookworm | 6.1.129-1 | fixed |
| | bookworm (security) | 6.1.128-1 | fixed |
| | trixie | 6.12.17-1 | fixed |
| | sid | 6.12.19-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | (unstable) | 5.18.14-1 | | | |

Notes

https://git.kernel.org/linus/e34b9ed96ce3b06c79bf884009b16961ca478f87 (5.19-rc5)
