CVE-2022-49732

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49732
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49732.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49732
Downstream
Related
Published
2025-02-26T15:15:17Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

sock: redo the psock vs ULP protection check

Commit 8a59f9d1e3d4 ("sock: Introduce sk->skprot->psockupdateskprot()") has moved the inetcskhasulp(sk) check from skpsockinit() to the new tcpbpfupdateproto() function. I'm guessing that this was done to allow creating psocks for non-inet sockets.

Unfortunately the destruction path for psock includes the ULP unwind, so we need to fail the skpsockinit() itself. Otherwise if ULP is already present we'll notice that later, and call tcpupdateulp() with the sk_proto of the ULP itself, which will most likely result in the ULP looping its callbacks.

References

Affected packages