CVE-2022-48642

netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()

Severity Score

3.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since
commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to
hardware priority") when nft_chain_offload_priority() returned an error.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: corrige la pérdida de memoria de percpu en nf_tables_addchain() Me parece que la memoria de percpu para las estadísticas de la cadena comenzó a perderse desde el commit 3bc158f8d0330f0a ("netfilter: nf_tables: asigna la prioridad de la cadena base al hardware prioridad") cuando nft_chain_offload_priority() devolvió un error.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority") when nft_chain_offload_priority() returned an error.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-04-28 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/3bc158f8d0330f0ac58597c023acca2234c14616	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b043a525a3f5520abb676a7cd8f6328fdf959e88	2022-09-28
https://git.kernel.org/stable/c/08d7524f366a886b99b1630a24a27dd6e0d7f852	2022-09-28
https://git.kernel.org/stable/c/985b031667c3177b9e7fb9787b989628e4271714	2022-09-28
https://git.kernel.org/stable/c/9a4d6dd554b86e65581ef6b6638a39ae079b17ac	2022-09-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.10.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.10.146"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.15.71"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.0"		en		Affected