| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050108-CVE-2022-49919-858c@gregkh> Date: Thu, 1 May 2025 16:11:49 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49919: netfilter: nf_tables: release flow rule object from commit path From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UAF triggered by races with the netlink notifier. The Linux kernel CVE team has assigned CVE-2022-49919 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4.198 with commit 5b8d63489c3b701eb2a76f848ec94d8cbc9373b9 and fixed in 5.4.224 with commit 74fd5839467054cd9c4d050614d3ee8788386171 Issue introduced in 5.10.122 with commit 330c0c6cd2150a2d7f47af16aa590078b0d2f736 and fixed in 5.10.154 with commit b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e Issue introduced in 5.15.47 with commit e33d9bd563e71f6c6528b96008d65524a459c4dc and fixed in 5.15.78 with commit 6044791b7be707fd0e709f26e961a446424e5051 Issue introduced in 5.19 with commit 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 and fixed in 6.0.8 with commit 4ab6f96444e936f5e4a936d5c0bc948144bcded3 Issue introduced in 5.19 with commit 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 and fixed in 6.1 with commit 26b5934ff4194e13196bedcba373cd4915071d0e Issue introduced in 5.17.15 with commit 80de9ea1f5b808a6601e91111fae601df2b26369 Issue introduced in 5.18.4 with commit ab9f34a30c23f656e76f4c5b83125a4e7b53c86e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49919 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/netfilter/nf_tables_api.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/74fd5839467054cd9c4d050614d3ee8788386171 https://git.kernel.org/stable/c/b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e https://git.kernel.org/stable/c/6044791b7be707fd0e709f26e961a446424e5051 https://git.kernel.org/stable/c/4ab6f96444e936f5e4a936d5c0bc948144bcded3 https://git.kernel.org/stable/c/26b5934ff4194e13196bedcba373cd4915071d0e
Powered by blists - more mailing lists