CVE-2022-49904
- Source
- https://cve.org/CVERecord?id=CVE-2022-49904
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49904.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49904
- Downstream
- Published
- 2025-05-01T14:10:48.998Z
- Modified
- 2026-03-20T12:13:10.298518Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- net, neigh: Fix null-ptr-deref in neigh_table_clear()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net, neigh: Fix null-ptr-deref in neightableclear()
When IPv6 module gets initialized but hits an error in the middle, kenel panic with:
KASAN: null-ptr-deref in range [0x0000000000000598-0x000000000000059f] CPU: 1 PID: 361 Comm: insmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:_neighifdown.isra.0+0x24b/0x370 RSP: 0018:ffff888012677908 EFLAGS: 00000202 ... Call Trace: <TASK> neightableclear+0x94/0x2d0 ndisccleanup+0x27/0x40 [ipv6] inet6init+0x21c/0x2cb [ipv6] dooneinitcall+0xd3/0x4d0 doinitmodule+0x1ae/0x670 ... Kernel panic - not syncing: Fatal exception
When ipv6 initialization fails, it will try to cleanup and calls:
neightableclear() neighifdown(tbl, NULL) pneighqueuepurge(&tbl->proxyqueue, devnet(dev == NULL)) # devnet(NULL) triggers null-ptr-deref.
Fix it by passing NULL to pneighqueuepurge() in neigh_ifdown() if dev is NULL, to make kernel not panic immediately.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49904.json" }- References
-
- https://git.kernel.org/stable/c/0d38b4ca6679e72860ff8730e79bb99d0e9fa3b0
- https://git.kernel.org/stable/c/1c89642e7f2b7ecc9635610653f5c2f0276c0051
- https://git.kernel.org/stable/c/2b45d6d0c41cb9593868e476681efb1aae5078a1
- https://git.kernel.org/stable/c/a99a8ec4c62180c889482a2ff6465033e0743458
- https://git.kernel.org/stable/c/b49f6b2f21f543d4dc88fb7b1ec2adccb822f27c
- https://git.kernel.org/stable/c/b736592de2aa53aee2d48d6b129bc0c892007bbe
- https://git.kernel.org/stable/c/f8017317cb0b279b8ab98b0f3901a2e0ac880dad
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49904.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49904
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9bbaed571c4bf1b62ac8703cb359dc090efc3455Fixed0d38b4ca6679e72860ff8730e79bb99d0e9fa3b0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced05fdce1ae744dee43c9181fd063c9c0db4f777f2Fixedb736592de2aa53aee2d48d6b129bc0c892007bbe
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced51be9dd391fd25872b95708a0250f2f7722d2d8eFixedb49f6b2f21f543d4dc88fb7b1ec2adccb822f27c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc35adafe42bd6c3bf2aca0a3f523dabc38fc23c8Fixed1c89642e7f2b7ecc9635610653f5c2f0276c0051
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddb6fa03d80ab076238fc806c9925d1f8b9639d1bFixed2b45d6d0c41cb9593868e476681efb1aae5078a1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced66ba215cb51323e4e55e38fd5f250e0fae0cbc94Fixeda99a8ec4c62180c889482a2ff6465033e0743458Fixedf8017317cb0b279b8ab98b0f3901a2e0ac880dad
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected2dd5ed474115150d8175825bc3b56c6385c3a83b