CVE-2022-49015

net: hsr: Fix potential use-after-free

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

net: hsr: Fix potential use-after-free

The skb is delivered to netif_rx() which may free it, after calling this,
dereferencing skb may trigger use-after-free.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2024-10-21 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/f421436a591d34fa5279b54a96ac07d70250cc8d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8393ce5040803666bfa26a3a7bf41e44fab0ace9	2022-12-08
https://git.kernel.org/stable/c/4b351609af4fdbc23f79ab2b12748f4403ea9af4	2022-12-08
https://git.kernel.org/stable/c/b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9	2022-12-08
https://git.kernel.org/stable/c/53a62c5efe91665f7a41fad0f888a96f94dc59eb	2022-12-08
https://git.kernel.org/stable/c/7ca81a161e406834a1fdc405fc83a572bd14b8d9	2022-12-08
https://git.kernel.org/stable/c/dca370e575d9b6c983f5015e8dc035e23e219ee6	2022-12-08
https://git.kernel.org/stable/c/f3add2b8cf620966de3ebfa07679ca12d33ec26f	2022-12-08
https://git.kernel.org/stable/c/7e177d32442b7ed08a9fa61b61724abc548cb248	2022-11-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 4.9.335 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 4.9.335"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 4.14.301 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 4.14.301"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 4.19.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 4.19.268"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 5.4.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 5.4.226"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 5.10.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 5.10.158"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 5.15.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 5.15.82"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 6.0.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 6.0.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 6.1"		en		Affected