{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49358", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.546Z", "datePublished": "2025-02-26T02:11:07.432Z", "dateUpdated": "2025-05-04T08:35:59.439Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:35:59.439Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: memleak flow rule from commit path\n\nAbort path release flow rule object, however, commit path does not.\nUpdate code to destroy these objects before releasing the transaction."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "c9626a2cbdb20e26587b3fad99960520a023432b", "lessThan": "5b8d63489c3b701eb2a76f848ec94d8cbc9373b9", "status": "affected", "versionType": "git"}, {"version": "c9626a2cbdb20e26587b3fad99960520a023432b", "lessThan": "330c0c6cd2150a2d7f47af16aa590078b0d2f736", "status": "affected", "versionType": "git"}, {"version": "c9626a2cbdb20e26587b3fad99960520a023432b", "lessThan": "e33d9bd563e71f6c6528b96008d65524a459c4dc", "status": "affected", "versionType": "git"}, {"version": "c9626a2cbdb20e26587b3fad99960520a023432b", "lessThan": "80de9ea1f5b808a6601e91111fae601df2b26369", "status": "affected", "versionType": "git"}, {"version": "c9626a2cbdb20e26587b3fad99960520a023432b", "lessThan": "ab9f34a30c23f656e76f4c5b83125a4e7b53c86e", "status": "affected", "versionType": "git"}, {"version": "c9626a2cbdb20e26587b3fad99960520a023432b", "lessThan": "9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.122", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.47", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.15", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.4", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.10.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.15.47"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.17.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.18.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5b8d63489c3b701eb2a76f848ec94d8cbc9373b9"}, {"url": "https://git.kernel.org/stable/c/330c0c6cd2150a2d7f47af16aa590078b0d2f736"}, {"url": "https://git.kernel.org/stable/c/e33d9bd563e71f6c6528b96008d65524a459c4dc"}, {"url": "https://git.kernel.org/stable/c/80de9ea1f5b808a6601e91111fae601df2b26369"}, {"url": "https://git.kernel.org/stable/c/ab9f34a30c23f656e76f4c5b83125a4e7b53c86e"}, {"url": "https://git.kernel.org/stable/c/9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3"}], "title": "netfilter: nf_tables: memleak flow rule from commit path", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C4F7493-E51F-47D3-9A59-0B528168B495", "versionEndExcluding": "5.4.198", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5", "versionEndExcluding": "5.10.122", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61", "versionEndExcluding": "5.15.47", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD", "versionEndExcluding": "5.17.15", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103", "versionEndExcluding": "5.18.4", "versionStartIncluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: memleak flow rule from commit path\n\nAbort path release flow rule object, however, commit path does not.\nUpdate code to destroy these objects before releasing the transaction."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: regla de flujo de memleak de la ruta de confirmaci\u00f3n. La ruta de cancelaci\u00f3n libera el objeto de regla de flujo, pero la ruta de confirmaci\u00f3n no lo hace. Actualice el c\u00f3digo para destruir estos objetos antes de liberar la transacci\u00f3n."}], "id": "CVE-2022-49358", "lastModified": "2025-04-14T19:44:01.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:12.487", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/330c0c6cd2150a2d7f47af16aa590078b0d2f736"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b8d63489c3b701eb2a76f848ec94d8cbc9373b9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/80de9ea1f5b808a6601e91111fae601df2b26369"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ab9f34a30c23f656e76f4c5b83125a4e7b53c86e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e33d9bd563e71f6c6528b96008d65524a459c4dc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfilter: nf_tables: memleak flow rule from commit path", "id": "2347939", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347939"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: memleak flow rule from commit path\nAbort path release flow rule object, however, commit path does not.\nUpdate code to destroy these objects before releasing the transaction."], "name": "CVE-2022-49358", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49358\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49358\nhttps://lore.kernel.org/linux-cve-announce/2025022643-CVE-2022-49358-6cfd@gregkh/T"], "threat_severity": "Moderate"}