CVE-2022-49865

Source: https://cve.org/CVERecord?id=CVE-2022-49865
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49865.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-49865
Published: 2025-05-01T14:10:17.673Z
Modified: 2026-04-11T12:44:38.113195Z
Summary
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network

When copying a struct ifaddrlblmsg to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak:

BUG: KMSAN: kernel-network-infoleak in __netdev_start_xmit ./include/linux/netdevice.h:4841
 __netdev_start_xmit ./include/linux/netdevice.h:4841
 netdev_start_xmit ./include/linux/netdevice.h:4857
 xmit_one net/core/dev.c:3590
 dev_hard_start_xmit+0x1dc/0x800 net/core/dev.c:3606
 __dev_queue_xmit+0x17e8/0x4350 net/core/dev.c:4256
 dev_queue_xmit ./include/linux/netdevice.h:3009
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:307
 __netlink_deliver_tap+0x728/0xad0 net/netlink/af_netlink.c:325
 netlink_deliver_tap net/netlink/af_netlink.c:338
 __netlink_sendskb net/netlink/af_netlink.c:1263
 netlink_sendskb+0x1d9/0x200 net/netlink/af_netlink.c:1272
 netlink_unicast+0x56d/0xf50 net/netlink/af_netlink.c:1360
 nlmsg_unicast ./include/net/netlink.h:1061
 rtnl_unicast+0x5a/0x80 net/core/rtnetlink.c:758
 ip6addrlbl_get+0xfad/0x10f0 net/ipv6/addrlabel.c:628
 rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082
 ...
Uninit was created at:
 slab_post_alloc_hook+0x118/0xb00 mm/slab.h:742
 slab_alloc_node mm/slub.c:3398
 __kmem_cache_alloc_node+0x4f2/0x930 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:954
 __kmalloc_node_track_caller+0x117/0x3d0 mm/slab_common.c:975
 kmalloc_reserve net/core/skbuff.c:437
 __alloc_skb+0x27a/0xab0 net/core/skbuff.c:509
 alloc_skb ./include/linux/skbuff.h:1267
 nlmsg_new ./include/net/netlink.h:964
 ip6addrlbl_get+0x490/0x10f0 net/ipv6/addrlabel.c:608
 rtnetlink_rcv_msg+0xb33/0x1570 net/core/rtnetlink.c:6082
 netlink_rcv_skb+0x299/0x550 net/netlink/af_netlink.c:2540
 rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6109
 netlink_unicast_kernel net/netlink/af_netlink.c:1319
 netlink_unicast+0x9ab/0xf50 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xebc/0x10f0 net/netlink/af_netlink.c:1921
 ...

This patch ensures that the reserved field is always initialized.
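
The leak pattern described above, as an added userspace illustration (not the kernel patch or code from this record): a message built field by field in a non-zeroed buffer keeps whatever the allocator left in the one byte nobody assigns. The struct mirrors the layout of struct ifaddrlblmsg; `ifaddrlblmsg_model`, `put_msg_leaky`, `put_msg_fixed`, `leaked_bytes` and the `STALE` fill pattern are hypothetical names, and zeroing is assumed as the way the reserved field gets initialized.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Userspace model of struct ifaddrlblmsg (uapi linux/if_addrlabel.h). */
struct ifaddrlblmsg_model {
    uint8_t  ifal_family;
    uint8_t  __ifal_reserved;  /* the byte this CVE is about */
    uint8_t  ifal_prefixlen;
    uint8_t  ifal_flags;
    uint32_t ifal_index;
    uint32_t ifal_seq;
};

#define STALE 0xAAu /* constructed stand-in for leftover heap contents */

/* Pre-fix pattern: every field is assigned except the reserved byte. */
static void put_msg_leaky(struct ifaddrlblmsg_model *m, uint8_t prefixlen,
                          uint32_t ifindex, uint32_t seq)
{
    m->ifal_family = 10; /* AF_INET6 on Linux */
    m->ifal_prefixlen = prefixlen;
    m->ifal_flags = 0;
    m->ifal_index = ifindex;
    m->ifal_seq = seq;
}

/* Post-fix pattern (assumed form): the reserved byte is zeroed too. */
static void put_msg_fixed(struct ifaddrlblmsg_model *m, uint8_t prefixlen,
                          uint32_t ifindex, uint32_t seq)
{
    put_msg_leaky(m, prefixlen, ifindex, seq);
    m->__ifal_reserved = 0;
}

/* Fill a non-zeroed buffer, build the message, count stale bytes left. */
size_t leaked_bytes(int fixed)
{
    struct ifaddrlblmsg_model m;
    const unsigned char *p = (const unsigned char *)&m;
    size_t n = 0;
    memset(&m, STALE, sizeof(m)); /* models an unzeroed allocation */
    (fixed ? put_msg_fixed : put_msg_leaky)(&m, 64, 2, 1);
    for (size_t i = 0; i < sizeof(m); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void) { printf("%zu %zu\n", leaked_bytes(0), leaked_bytes(1)); return 0; }
```
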

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49865.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
Introduced: 2a8cc6c89039e0530a3335954253b76ed0f9339a
Fixed: 568a47ff756f913e8b374c2af9d22cd2c772c744
Fixed: 0f85b7ae7c4b5d7b4bbf7ac653a733c181a8a2bf
Fixed: 6d26d0587abccb9835382a0b53faa7b9b1cd83e3
Fixed: 58cd7fdc8c1e6c7873acc08f190069fed88d1c12
Fixed: a033b86c7f7621fde31f0364af8986f43b44914f
Fixed: 2acb2779b147decd300c117683d5a32ce61c75d6
Fixed: 49e92ba5ecd7d72ba369dde2ccff738edd028a47
Fixed: c23fb2c82267638f9d206cb96bb93e1f93ad7828

Database specific

source: "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49865.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced 2.6.25, Fixed 4.9.334
Type: ECOSYSTEM
Events: Introduced 4.10.0, Fixed 4.14.300
Type: ECOSYSTEM
Events: Introduced 4.15.0, Fixed 4.19.267
Type: ECOSYSTEM
Events: Introduced 4.20.0, Fixed 5.4.225
Type: ECOSYSTEM
Events: Introduced 5.5.0, Fixed 5.10.155
Type: ECOSYSTEM
Events: Introduced 5.11.0, Fixed 5.15.79
Type: ECOSYSTEM
Events: Introduced 5.16.0, Fixed 6.0.9

Database specific

source: "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49865.json"