CVE-2022-49561 (GCVE-0-2022-49561)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: re-fetch conntrack after insertion
In case the conntrack is clashing, insertion can free skb->_nfct and
set skb->_nfct to the already-confirmed entry.
This wasn't found before because the conntrack entry and the extension
space used to free'd after an rcu grace period, plus the race needs
events enabled to trigger.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 Version: 71d8c47fc653711c41bc3282e5b0e605b3727956 |
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_conntrack_core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e97222b785e70e8973281666d709baad6523d8af",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "92a999d1963eed0df666284e20055136ceabd12f",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "b16bb373988da3ceb0308381634117e18b6ec60d",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "91a36ec160ec1a0c8f5352b772dffcbb0b6023e3",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "01989d7eebb61c99bd4b88ebc8e261bd2f02caed",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "04f9e9104c969d8ce10a4a43634f641ed082092d",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "04e4a11dc723c52db7a36dc58f0d69ce6426f8f0",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
},
{
"lessThan": "56b14ecec97f39118bf85c9ac2438c5a949509ed",
"status": "affected",
"version": "71d8c47fc653711c41bc3282e5b0e605b3727956",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_conntrack_core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.246",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.282",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.246",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.197",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.120",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.45",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.13",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.2",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: re-fetch conntrack after insertion\n\nIn case the conntrack is clashing, insertion can free skb-\u003e_nfct and\nset skb-\u003e_nfct to the already-confirmed entry.\n\nThis wasn\u0027t found before because the conntrack entry and the extension\nspace used to free\u0027d after an rcu grace period, plus the race needs\nevents enabled to trigger."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:35.483Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e97222b785e70e8973281666d709baad6523d8af"
},
{
"url": "https://git.kernel.org/stable/c/92a999d1963eed0df666284e20055136ceabd12f"
},
{
"url": "https://git.kernel.org/stable/c/b16bb373988da3ceb0308381634117e18b6ec60d"
},
{
"url": "https://git.kernel.org/stable/c/91a36ec160ec1a0c8f5352b772dffcbb0b6023e3"
},
{
"url": "https://git.kernel.org/stable/c/01989d7eebb61c99bd4b88ebc8e261bd2f02caed"
},
{
"url": "https://git.kernel.org/stable/c/04f9e9104c969d8ce10a4a43634f641ed082092d"
},
{
"url": "https://git.kernel.org/stable/c/04e4a11dc723c52db7a36dc58f0d69ce6426f8f0"
},
{
"url": "https://git.kernel.org/stable/c/56b14ecec97f39118bf85c9ac2438c5a949509ed"
}
],
"title": "netfilter: conntrack: re-fetch conntrack after insertion",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49561",
"datePublished": "2025-02-26T02:14:06.030Z",
"dateReserved": "2025-02-26T02:08:31.591Z",
"dateUpdated": "2025-05-04T08:40:35.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49561\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:31.877\",\"lastModified\":\"2025-02-26T07:01:31.877\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: conntrack: re-fetch conntrack after insertion\\n\\nIn case the conntrack is clashing, insertion can free skb-\u003e_nfct and\\nset skb-\u003e_nfct to the already-confirmed entry.\\n\\nThis wasn\u0027t found before because the conntrack entry and the extension\\nspace used to free\u0027d after an rcu grace period, plus the race needs\\nevents enabled to trigger.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: conntrack: volver a obtener conntrack despu\u00e9s de la inserci\u00f3n En caso de que conntrack est\u00e9 en conflicto, la inserci\u00f3n puede liberar skb-\u0026gt;_nfct y establecer skb-\u0026gt;_nfct en la entrada ya confirmada. Esto no se encontr\u00f3 antes porque la entrada conntrack y el espacio de extensi\u00f3n sol\u00edan liberarse despu\u00e9s de un per\u00edodo de gracia de rcu, adem\u00e1s de que la ejecuci\u00f3n necesita eventos habilitados para activarse.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/01989d7eebb61c99bd4b88ebc8e261bd2f02caed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/04e4a11dc723c52db7a36dc58f0d69ce6426f8f0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/04f9e9104c969d8ce10a4a43634f641ed082092d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/56b14ecec97f39118bf85c9ac2438c5a949509ed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/91a36ec160ec1a0c8f5352b772dffcbb0b6023e3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/92a999d1963eed0df666284e20055136ceabd12f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b16bb373988da3ceb0308381634117e18b6ec60d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e97222b785e70e8973281666d709baad6523d8af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}