Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2022 / CVE-2022-49558.json
blob: 9c84036df21864aab796d03e5546926954d3f8e4 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: double hook unregistration in netns path\n\n__nft_release_hooks() is called from pre_netns exit path which\nunregisters the hooks, then the NETDEV_UNREGISTER event is triggered\nwhich unregisters the hooks again.\n\n[ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270\n[...]\n[ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0-rc7+ #27\n[ 565.253682] Workqueue: netns cleanup_net\n[ 565.257059] RIP: 0010:__nf_unregister_net_hook+0x247/0x270\n[...]\n[ 565.297120] Call Trace:\n[ 565.300900] <TASK>\n[ 565.304683] nf_tables_flowtable_event+0x16a/0x220 [nf_tables]\n[ 565.308518] raw_notifier_call_chain+0x63/0x80\n[ 565.312386] unregister_netdevice_many+0x54f/0xb50\n\nUnregister and destroy netdev hook from netns pre_exit via kfree_rcu\nso the NETDEV_UNREGISTER path see unregistered hooks."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"versions": [
{
"version": "767d1216bff82507c945e92fe719dff2083bb2f4",
"lessThan": "c73955a09408e7374d9abfd0e78ce3de9cda0635",
"status": "affected",
"versionType": "git"
},
{
"version": "b110391d1e806167254d3c7ae5d637191d913175",
"lessThan": "b09e6ccf0d12f9356e8e3508d3e3dce126298538",
"status": "affected",
"versionType": "git"
},
{
"version": "0a0e5d47670b753d3dbf88f3c77a97a30864d9bd",
"lessThan": "3fac8ce48fa9fd61ee9056d3ed48b2edefca8b82",
"status": "affected",
"versionType": "git"
},
{
"version": "767d1216bff82507c945e92fe719dff2083bb2f4",
"lessThan": "9c413a8c8bb49cc16796371805ecb260e885bb2b",
"status": "affected",
"versionType": "git"
},
{
"version": "767d1216bff82507c945e92fe719dff2083bb2f4",
"lessThan": "a3940dcf552f2393d1e8f263b386593f98abe829",
"status": "affected",
"versionType": "git"
},
{
"version": "767d1216bff82507c945e92fe719dff2083bb2f4",
"lessThan": "86c0154f4c3a56c5db8b9dd09e3ce885382c2c19",
"status": "affected",
"versionType": "git"
},
{
"version": "767d1216bff82507c945e92fe719dff2083bb2f4",
"lessThan": "f9a43007d3f7ba76d5e7f9421094f00f2ef202f8",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"versions": [
{
"version": "5.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.11",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.316",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.262",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.198",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.45",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.13",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18.2",
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.19",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "4.19.316"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.99",
"versionEndExcluding": "5.4.262"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.17",
"versionEndExcluding": "5.10.198"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.17.13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.18.2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.19"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/c73955a09408e7374d9abfd0e78ce3de9cda0635"
},
{
"url": "https://git.kernel.org/stable/c/b09e6ccf0d12f9356e8e3508d3e3dce126298538"
},
{
"url": "https://git.kernel.org/stable/c/3fac8ce48fa9fd61ee9056d3ed48b2edefca8b82"
},
{
"url": "https://git.kernel.org/stable/c/9c413a8c8bb49cc16796371805ecb260e885bb2b"
},
{
"url": "https://git.kernel.org/stable/c/a3940dcf552f2393d1e8f263b386593f98abe829"
},
{
"url": "https://git.kernel.org/stable/c/86c0154f4c3a56c5db8b9dd09e3ce885382c2c19"
},
{
"url": "https://git.kernel.org/stable/c/f9a43007d3f7ba76d5e7f9421094f00f2ef202f8"
}
],
"title": "netfilter: nf_tables: double hook unregistration in netns path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2022-49558",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}