| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Apr 2024 15:05:02 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-48641: netfilter: ebtables: fix memory leak when blob is malformed Description =========== In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this. The Linux kernel CVE team has assigned CVE-2022-48641 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14.292 with commit afd01382594d and fixed in 4.14.295 with commit 754e8b74281d Issue introduced in 4.19.257 with commit 358765beb836 and fixed in 4.19.260 with commit 1e98318af2f1 Issue introduced in 5.4.212 with commit 160c4eb47db0 and fixed in 5.4.215 with commit 11ebf32fde46 Issue introduced in 5.10.140 with commit 624c30521233 and fixed in 5.10.146 with commit ebd97dbe3c55 Issue introduced in 5.15.64 with commit 1b2c5428f773 and fixed in 5.15.71 with commit d5917b7af7ca Issue introduced in 5.19.6 with commit e53cfa017bf4 and fixed in 5.19.12 with commit 38cf372b17f0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-48641 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/bridge/netfilter/ebtables.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1 https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33 https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9
Powered by blists - more mailing lists