CVE-2022-48911

netfilter: nf_queue: fix possible use-after-free

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: fix possible use-after-free

Eric Dumazet says:
The sock_hold() side seems suspect, because there is no guarantee
that sk_refcnt is not already 0.

On failure, we cannot queue the packet and need to indicate an
error. The packet will be dropped by the caller.

v2: split skb prefetch hunk into separate change

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-21 CVE Reserved
2024-08-22 CVE Published
2024-09-13 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/271b72c7fa82c2c7a795bc16896149933110672d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95	2022-03-08
https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5	2022-03-08
https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3	2022-03-08
https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff	2022-03-08
https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a	2022-03-08
https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43	2022-03-08
https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee	2022-03-08
https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1	2022-03-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 4.9.305 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 4.9.305"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 4.14.270 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 4.14.270"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 4.19.233 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 4.19.233"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.4.183 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.4.183"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.10.104 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.10.104"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.15.27 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.15.27"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.16.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.16.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.17"		en		Affected