| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix leak of nested actions\n\nWhile parsing user-provided actions, openvswitch module may dynamically\nallocate memory and store pointers in the internal copy of the actions.\nSo this memory has to be freed while destroying the actions.\n\nCurrently there are only two such actions: ct() and set(). However,\nthere are many actions that can hold nested lists of actions and\novs_nla_free_flow_actions() just jumps over them leaking the memory.\n\nFor example, removal of the flow with the following actions will lead\nto a leak of the memory allocated by nf_ct_tmpl_alloc():\n\n actions:clone(ct(commit),0)\n\nNon-freed set() action may also leak the 'dst' structure for the\ntunnel info including device references.\n\nUnder certain conditions with a high rate of flow rotation that may\ncause significant memory leak problem (2MB per second in reporter's\ncase). The problem is also hard to mitigate, because the user doesn't\nhave direct control over the datapath flows generated by OVS.\n\nFix that by iterating over all the nested actions and freeing\neverything that needs to be freed recursively.\n\nNew build time assertion should protect us from this problem if new\nactions will be added in the future.\n\nUnfortunately, openvswitch module doesn't use NLA_F_NESTED, so all\nattributes has to be explicitly checked. sample() and clone() actions\nare mixing extra attributes into the user-provided action list. That\nprevents some code generalization too." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/openvswitch/flow_netlink.c" |
| ], |
| "versions": [ |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "7438dc55c0709819b813f4778aec2c48b782990b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "ef6f9ce0a79aa23b10fc5f3b3cab3814a25aac40", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "5ae05b5eb58773cfec307ff88aff4cfd843c4cff", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "837b96d8103938e35e7d92cd9db96af914ca4fff", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "3554c214b83ec9a839ed574263a34218f372990c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "53bce9d19b0a9d245b25cd050b81652ed974a509", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "34ae932a40369be6bd6ea97d66b6686361b4370d", |
| "lessThan": "1f30fb9166d4f15a1aa19449b9da871fe0ed4796", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "net/openvswitch/flow_netlink.c" |
| ], |
| "versions": [ |
| { |
| "version": "4.3", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "4.3", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.249", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.200", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.111", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.34", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.16.20", |
| "lessThanOrEqual": "5.16.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.17.3", |
| "lessThanOrEqual": "5.17.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.18", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "4.19.249" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "5.4.200" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "5.10.111" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "5.15.34" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "5.16.20" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "5.17.3" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.3", |
| "versionEndExcluding": "5.18" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/7438dc55c0709819b813f4778aec2c48b782990b" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/ef6f9ce0a79aa23b10fc5f3b3cab3814a25aac40" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/5ae05b5eb58773cfec307ff88aff4cfd843c4cff" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/837b96d8103938e35e7d92cd9db96af914ca4fff" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/3554c214b83ec9a839ed574263a34218f372990c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/53bce9d19b0a9d245b25cd050b81652ed974a509" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/1f30fb9166d4f15a1aa19449b9da871fe0ed4796" |
| } |
| ], |
| "title": "net: openvswitch: fix leak of nested actions", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2022-49086", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
