CVE-2022-49209

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49209

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49209.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49209

Related

UBUNTU-CVE-2022-49209

Published

2025-02-26T07:00:58Z

Modified

2025-03-18T20:50:32.271733Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full

If tcpbpfsendmsg() is running while sk msg is full. When skmsgalloc() returns -ENOMEM error, tcpbpfsendmsg() goes to waitformemory. If partial memory has been alloced by skmsgalloc(), that is, msgtx->sg.size is greater than osize after skmsgalloc(), memleak occurs. To fix we use skmsg_trim() to release the allocated memory, then goto wait for memory.

Other call paths of skmsgalloc() have the similar issue, such as tlsswsendmsg(), so handle skmsgtrim logic inside skmsgalloc(), as Cong Wang suggested.

This issue can cause the following info: WARNING: CPU: 3 PID: 7950 at net/core/stream.c:208 skstreamkillqueues+0xd4/0x1a0 Call Trace: <TASK> inetcskdestroysock+0x55/0x110 _tcpclose+0x279/0x470 tcpclose+0x1f/0x60 inetrelease+0x3f/0x80 _sockrelease+0x3d/0xb0 sockclose+0x11/0x20 _fput+0x92/0x250 taskworkrun+0x6a/0xa0 doexit+0x33b/0xb60 dogroupexit+0x2f/0xa0 getsignal+0xb6/0x950 archdosignalorrestart+0xac/0x2a0 exittousermodeprepare+0xa9/0x200 syscallexittousermode+0x12/0x30 dosyscall64+0x46/0x80 entrySYSCALL64afterhwframe+0x44/0xae </TASK>

WARNING: CPU: 3 PID: 2094 at net/ipv4/afinet.c:155 inetsockdestruct+0x13c/0x260 Call Trace: <TASK> _skdestruct+0x24/0x1f0 skpsockdestroy+0x19b/0x1c0 processonework+0x1b3/0x3c0 kthread+0xe6/0x110 retfrom_fork+0x22/0x30 </TASK>

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.113-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}