CVE-2022-48809 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1
https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a
https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4
https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108
https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613
https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88
https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540
https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314
https://lore.kernel.org/linux-cve-announce/2024071646-CVE-2022-48809-ba13@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48809
https://www.cve.org/CVERecord?id=CVE-2022-48809

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48809", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.897Z", "datePublished": "2024-07-16T11:43:59.757Z", "dateUpdated": "2025-05-04T08:23:32.834Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:23:32.834Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix a memleak when uncloning an skb dst and its metadata\n\nWhen uncloning an skb dst and its associated metadata, a new\ndst+metadata is allocated and later replaces the old one in the skb.\nThis is helpful to have a non-shared dst+metadata attached to a specific\nskb.\n\nThe issue is the uncloned dst+metadata is initialized with a refcount of\n1, which is increased to 2 before attaching it to the skb. When\ntun_dst_unclone returns, the dst+metadata is only referenced from a\nsingle place (the skb) while its refcount is 2. Its refcount will never\ndrop to 0 (when the skb is consumed), leading to a memory leak.\n\nFix this by removing the call to dst_hold in tun_dst_unclone, as the\ndst+metadata refcount is already 1."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/dst_metadata.h"], "versions": [{"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "4ac84498fbe84a00e7aef185e2bb3e40ce71eca4", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "c1ff27d100e2670b03cbfddb9117e5f9fc672540", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "0be943916d781df2b652793bb2d3ae4f9624c10a", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "fdcb263fa5cda15b8cb24a641fa2718c47605314", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "8b1087b998e273f07be13dcb5f3ca4c309c7f108", "status": "affected", "versionType": "git"}, {"version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "9eeabdf17fa0ab75381045c867c370f4cc75a613", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/dst_metadata.h"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.302", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.267", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.230", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.180", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.101", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.9.302"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.14.267"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.19.230"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.4.180"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.10.101"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.15.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.16.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4"}, {"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540"}, {"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a"}, {"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88"}, {"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1"}, {"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314"}, {"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108"}, {"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613"}], "title": "net: fix a memleak when uncloning an skb dst and its metadata", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.534Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:58:37.940393Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:13.409Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2022-48809 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-07-16T11:38:08.897Z (string)

datePublished : 2024-07-16T11:43:59.757Z (string)

dateUpdated : 2025-05-04T08:23:32.834Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:23:32.834Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. Fix this by removing the call to dst_hold in tun_dst_unclone, as the dst+metadata refcount is already 1. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : include/net/dst_metadata.h (string)

]

versions : [ »

0 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 0be943916d781df2b652793bb2d3ae4f9624c10a (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : include/net/dst_metadata.h (string)

]

versions : [ »

0 : { »

version : 4.3 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 4.3 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.9.302 (string)

lessThanOrEqual : 4.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 4.14.267 (string)

lessThanOrEqual : 4.14.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 4.19.230 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.4.180 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 5.10.101 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 5.15.24 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 5.16.10 (string)

lessThanOrEqual : 5.16.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 5.17 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 4.9.302 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 4.14.267 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 4.19.230 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 5.4.180 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 5.10.101 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 5.15.24 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 5.16.10 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.3 (string)

versionEndExcluding : 5.17 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a (string)

}

3 : { »

url : https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

}

]

title : net: fix a memleak when uncloning an skb dst and its metadata (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T15:25:01.534Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-48809 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T16:58:37.940393Z (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T17:34:13.409Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.534Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48809", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:58:37.940393Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.454Z"}}], "cna": {"title": "net: fix a memleak when uncloning an skb dst and its metadata", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "4ac84498fbe84a00e7aef185e2bb3e40ce71eca4", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "c1ff27d100e2670b03cbfddb9117e5f9fc672540", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "0be943916d781df2b652793bb2d3ae4f9624c10a", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "fdcb263fa5cda15b8cb24a641fa2718c47605314", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "8b1087b998e273f07be13dcb5f3ca4c309c7f108", "versionType": "git"}, {"status": "affected", "version": "fc4099f17240767554ff3a73977acb78ef615404", "lessThan": "9eeabdf17fa0ab75381045c867c370f4cc75a613", "versionType": "git"}], "programFiles": ["include/net/dst_metadata.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.3"}, {"status": "unaffected", "version": "0", "lessThan": "4.3", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.302", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.267", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.230", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.180", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.101", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.24", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.10", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/net/dst_metadata.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4"}, {"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540"}, {"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a"}, {"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88"}, {"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1"}, {"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314"}, {"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108"}, {"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix a memleak when uncloning an skb dst and its metadata\n\nWhen uncloning an skb dst and its associated metadata, a new\ndst+metadata is allocated and later replaces the old one in the skb.\nThis is helpful to have a non-shared dst+metadata attached to a specific\nskb.\n\nThe issue is the uncloned dst+metadata is initialized with a refcount of\n1, which is increased to 2 before attaching it to the skb. When\ntun_dst_unclone returns, the dst+metadata is only referenced from a\nsingle place (the skb) while its refcount is 2. Its refcount will never\ndrop to 0 (when the skb is consumed), leading to a memory leak.\n\nFix this by removing the call to dst_hold in tun_dst_unclone, as the\ndst+metadata refcount is already 1."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.302", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.267", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.230", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.180", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.101", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.24", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.16.10", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.17", "versionStartIncluding": "4.3"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:23:32.834Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48809", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:23:32.834Z", "dateReserved": "2024-07-16T11:38:08.897Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T11:43:59.757Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T15:25:01.534Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-48809 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T16:58:37.940393Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T12:42:21.454Z (string)

}

]

cna : { »

title : net: fix a memleak when uncloning an skb dst and its metadata (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 0be943916d781df2b652793bb2d3ae4f9624c10a (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : fc4099f17240767554ff3a73977acb78ef615404 (string)

lessThan : 9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : include/net/dst_metadata.h (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.3 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 4.3 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.9.302 (string)

versionType : semver (string)

lessThanOrEqual : 4.9.* (string)

}

3 : { »

status : unaffected (string)

version : 4.14.267 (string)

versionType : semver (string)

lessThanOrEqual : 4.14.* (string)

}

4 : { »

status : unaffected (string)

version : 4.19.230 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

5 : { »

status : unaffected (string)

version : 5.4.180 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

6 : { »

status : unaffected (string)

version : 5.10.101 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

7 : { »

status : unaffected (string)

version : 5.15.24 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

8 : { »

status : unaffected (string)

version : 5.16.10 (string)

versionType : semver (string)

lessThanOrEqual : 5.16.* (string)

}

9 : { »

status : unaffected (string)

version : 5.17 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : include/net/dst_metadata.h (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a (string)

}

3 : { »

url : https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. Fix this by removing the call to dst_hold in tun_dst_unclone, as the dst+metadata refcount is already 1. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.9.302 (string)

versionStartIncluding : 4.3 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.14.267 (string)

versionStartIncluding : 4.3 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.230 (string)

versionStartIncluding : 4.3 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.180 (string)

versionStartIncluding : 4.3 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.101 (string)

versionStartIncluding : 4.3 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.24 (string)

versionStartIncluding : 4.3 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.16.10 (string)

versionStartIncluding : 4.3 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.17 (string)

versionStartIncluding : 4.3 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:23:32.834Z (string)

}

cveMetadata : { »

cveId : CVE-2022-48809 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T08:23:32.834Z (string)

dateReserved : 2024-07-16T11:38:08.897Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-07-16T11:43:59.757Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "72C5D0FA-1645-4649-A21B-6D40B49AA943", "versionEndExcluding": "4.9.302", "versionStartIncluding": "4.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD3CEBEB-60B8-4EA2-B346-6ADF49F754D9", "versionEndExcluding": "4.14.267", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "62845903-4271-4AFA-B8B7-6517ED5BFEB2", "versionEndExcluding": "4.19.230", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6808B38F-AD73-4D55-A158-6EF605E8EB66", "versionEndExcluding": "5.4.180", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54", "versionEndExcluding": "5.10.101", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA", "versionEndExcluding": "5.15.24", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC", "versionEndExcluding": "5.16.10", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix a memleak when uncloning an skb dst and its metadata\n\nWhen uncloning an skb dst and its associated metadata, a new\ndst+metadata is allocated and later replaces the old one in the skb.\nThis is helpful to have a non-shared dst+metadata attached to a specific\nskb.\n\nThe issue is the uncloned dst+metadata is initialized with a refcount of\n1, which is increased to 2 before attaching it to the skb. When\ntun_dst_unclone returns, the dst+metadata is only referenced from a\nsingle place (the skb) while its refcount is 2. Its refcount will never\ndrop to 0 (when the skb is consumed), leading to a memory leak.\n\nFix this by removing the call to dst_hold in tun_dst_unclone, as the\ndst+metadata refcount is already 1."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: soluciona un memleak al desaclonar un skb dst y sus metadatos Al desaclonar un skb dst y sus metadatos asociados, se asigna un nuevo dst+metadatos que luego reemplaza al antiguo en el skb. Esto es \u00fatil para tener metadatos dst+ no compartidos adjuntos a un skb espec\u00edfico. El problema es que los metadatos dst+ no clonados se inicializan con un recuento de 1, que se incrementa a 2 antes de adjuntarlo al skb. Cuando tun_dst_unclone regresa, solo se hace referencia a los metadatos dst+ desde un \u00fanico lugar (el skb) mientras su refcount es 2. Su refcount nunca bajar\u00e1 a 0 (cuando se consume el skb), lo que provoca una p\u00e9rdida de memoria. Solucione este problema eliminando la llamada a dst_hold en tun_dst_unclone, ya que el recuento de metadatos dst+ ya es 1."}], "id": "CVE-2022-48809", "lastModified": "2024-11-21T07:34:07.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T12:15:05.190", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 72C5D0FA-1645-4649-A21B-6D40B49AA943 (string)

versionEndExcluding : 4.9.302 (string)

versionStartIncluding : 4.3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FD3CEBEB-60B8-4EA2-B346-6ADF49F754D9 (string)

versionEndExcluding : 4.14.267 (string)

versionStartIncluding : 4.10 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 62845903-4271-4AFA-B8B7-6517ED5BFEB2 (string)

versionEndExcluding : 4.19.230 (string)

versionStartIncluding : 4.15 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6808B38F-AD73-4D55-A158-6EF605E8EB66 (string)

versionEndExcluding : 5.4.180 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A154171E-A3B9-42BE-9E97-C9B0EA43FC54 (string)

versionEndExcluding : 5.10.101 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 866451F0-299E-416C-B0B8-AE6B33E62CCA (string)

versionEndExcluding : 5.15.24 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 679523BA-1392-404B-AB85-F5A5408B1ECC (string)

versionEndExcluding : 5.16.10 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. Fix this by removing the call to dst_hold in tun_dst_unclone, as the dst+metadata refcount is already 1. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: soluciona un memleak al desaclonar un skb dst y sus metadatos Al desaclonar un skb dst y sus metadatos asociados, se asigna un nuevo dst+metadatos que luego reemplaza al antiguo en el skb. Esto es útil para tener metadatos dst+ no compartidos adjuntos a un skb específico. El problema es que los metadatos dst+ no clonados se inicializan con un recuento de 1, que se incrementa a 2 antes de adjuntarlo al skb. Cuando tun_dst_unclone regresa, solo se hace referencia a los metadatos dst+ desde un único lugar (el skb) mientras su refcount es 2. Su refcount nunca bajará a 0 (cuando se consume el skb), lo que provoca una pérdida de memoria. Solucione este problema eliminando la llamada a dst_hold en tun_dst_unclone, ya que el recuento de metadatos dst+ ya es 1. (string)

}

]

id : CVE-2022-48809 (string)

lastModified : 2024-11-21T07:34:07.787 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-07-16T12:15:05.190 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-401 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: net: fix a memleak when uncloning an skb dst and its metadata", "id": "2298145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298145"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: fix a memleak when uncloning an skb dst and its metadata\nWhen uncloning an skb dst and its associated metadata, a new\ndst+metadata is allocated and later replaces the old one in the skb.\nThis is helpful to have a non-shared dst+metadata attached to a specific\nskb.\nThe issue is the uncloned dst+metadata is initialized with a refcount of\n1, which is increased to 2 before attaching it to the skb. When\ntun_dst_unclone returns, the dst+metadata is only referenced from a\nsingle place (the skb) while its refcount is 2. Its refcount will never\ndrop to 0 (when the skb is consumed), leading to a memory leak.\nFix this by removing the call to dst_hold in tun_dst_unclone, as the\ndst+metadata refcount is already 1."], "name": "CVE-2022-48809", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48809\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48809\nhttps://lore.kernel.org/linux-cve-announce/2024071646-CVE-2022-48809-ba13@gregkh/T"], "threat_severity": "Low"}

{

bugzilla : { »

description : kernel: net: fix a memleak when uncloning an skb dst and its metadata (string)

id : 2298145 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2298145 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.1 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L (string)

status : draft (string)

}

cwe : CWE-402 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. Fix this by removing the call to dst_hold in tun_dst_unclone, as the dst+metadata refcount is already 1. (string)

]

name : CVE-2022-48809 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Fix deferred (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Fix deferred (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-07-16T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2022-48809 https://nvd.nist.gov/vuln/detail/CVE-2022-48809 https://lore.kernel.org/linux-cve-announce/2024071646-CVE-2022-48809-ba13@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object