| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102153-CVE-2022-49015-1fd0@gregkh> Date: Mon, 21 Oct 2024 22:06:47 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49015: net: hsr: Fix potential use-after-free Description =========== In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free. The Linux kernel CVE team has assigned CVE-2022-49015 to this issue. Affected and fixed versions =========================== Issue introduced in 3.13 with commit f421436a591d and fixed in 4.9.335 with commit 8393ce504080 Issue introduced in 3.13 with commit f421436a591d and fixed in 4.14.301 with commit 4b351609af4f Issue introduced in 3.13 with commit f421436a591d and fixed in 4.19.268 with commit b35d899854d5 Issue introduced in 3.13 with commit f421436a591d and fixed in 5.4.226 with commit 53a62c5efe91 Issue introduced in 3.13 with commit f421436a591d and fixed in 5.10.158 with commit 7ca81a161e40 Issue introduced in 3.13 with commit f421436a591d and fixed in 5.15.82 with commit dca370e575d9 Issue introduced in 3.13 with commit f421436a591d and fixed in 6.0.12 with commit f3add2b8cf62 Issue introduced in 3.13 with commit f421436a591d and fixed in 6.1 with commit 7e177d32442b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49015 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/hsr/hsr_forward.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8393ce5040803666bfa26a3a7bf41e44fab0ace9 https://git.kernel.org/stable/c/4b351609af4fdbc23f79ab2b12748f4403ea9af4 https://git.kernel.org/stable/c/b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9 https://git.kernel.org/stable/c/53a62c5efe91665f7a41fad0f888a96f94dc59eb https://git.kernel.org/stable/c/7ca81a161e406834a1fdc405fc83a572bd14b8d9 https://git.kernel.org/stable/c/dca370e575d9b6c983f5015e8dc035e23e219ee6 https://git.kernel.org/stable/c/f3add2b8cf620966de3ebfa07679ca12d33ec26f https://git.kernel.org/stable/c/7e177d32442b7ed08a9fa61b61724abc548cb248
Powered by blists - more mailing lists