github - ghsa-4265-mmrf-q5w3

ghsa-4265-mmrf-q5w3

Vulnerability from github

Published

2025-06-18 12:30

Modified

2025-06-18 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: possible module reference underflow in error path

dst->ops is set on when nft_expr_clone() fails, but module refcount has not been bumped yet, therefore nft_expr_destroy() leads to module reference underflow.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-50048"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:33Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: possible module reference underflow in error path\n\ndst-\u003eops is set on when nft_expr_clone() fails, but module refcount has\nnot been bumped yet, therefore nft_expr_destroy() leads to module\nreference underflow.",
  "id": "GHSA-4265-mmrf-q5w3",
  "modified": "2025-06-18T12:30:45Z",
  "published": "2025-06-18T12:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50048"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e52e6cfec6342c3d0df47dc3a76724fb3dabf56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b59bee8b05b0e789b5a298cacb09e8aaa3367a29"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c485c35ff6783ccd12c160fcac6a0e504e83e0bf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2022-50048 (GCVE-0-2022-50048)

Vulnerability from cvelistv5

Published

2025-06-18 11:01

Modified

2025-06-18 11:01

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but module refcount has not been bumped yet, therefore nft_expr_destroy() leads to module reference underflow.

References

►

URL

Tags

	https://git.kernel.org/stable/c/b59bee8b05b0e789b5a298cacb09e8aaa3367a29
	https://git.kernel.org/stable/c/1e52e6cfec6342c3d0df47dc3a76724fb3dabf56
	https://git.kernel.org/stable/c/c485c35ff6783ccd12c160fcac6a0e504e83e0bf

Impacted products

Vendor

Product

Version

►

Version: 8cfd9b0f8515e7c361bba27e2a2684cbd427fe01
Version: 8cfd9b0f8515e7c361bba27e2a2684cbd427fe01
Version: 8cfd9b0f8515e7c361bba27e2a2684cbd427fe01

Version: 5.11

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b59bee8b05b0e789b5a298cacb09e8aaa3367a29",
              "status": "affected",
              "version": "8cfd9b0f8515e7c361bba27e2a2684cbd427fe01",
              "versionType": "git"
            },
            {
              "lessThan": "1e52e6cfec6342c3d0df47dc3a76724fb3dabf56",
              "status": "affected",
              "version": "8cfd9b0f8515e7c361bba27e2a2684cbd427fe01",
              "versionType": "git"
            },
            {
              "lessThan": "c485c35ff6783ccd12c160fcac6a0e504e83e0bf",
              "status": "affected",
              "version": "8cfd9b0f8515e7c361bba27e2a2684cbd427fe01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.63",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.4",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: possible module reference underflow in error path\n\ndst-\u003eops is set on when nft_expr_clone() fails, but module refcount has\nnot been bumped yet, therefore nft_expr_destroy() leads to module\nreference underflow."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T11:01:48.893Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b59bee8b05b0e789b5a298cacb09e8aaa3367a29"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e52e6cfec6342c3d0df47dc3a76724fb3dabf56"
        },
        {
          "url": "https://git.kernel.org/stable/c/c485c35ff6783ccd12c160fcac6a0e504e83e0bf"
        }
      ],
      "title": "netfilter: nf_tables: possible module reference underflow in error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50048",
    "datePublished": "2025-06-18T11:01:48.893Z",
    "dateReserved": "2025-06-18T10:57:27.402Z",
    "dateUpdated": "2025-06-18T11:01:48.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.