CVE-2022-49110

{"id": "CVE-2022-49110", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:48.363", "references": [{"url": "https://git.kernel.org/stable/c/2cfadb761d3d0219412fd8150faea60c7e863833", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/58d52743ae85d28c9335c6034d6ce350b8689951", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/592e57591826f3d09c28d755a39ea8e9d13705ad", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7cd361d5e6d986c0d4cafb9ceaa803359048ae15", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: revisit gc autotuning\n\nas of commit 4608fdfc07e1\n(\"netfilter: conntrack: collect all entries in one cycle\")\nconntrack gc was changed to run every 2 minutes.\n\nOn systems where conntrack hash table is set to large value, most evictions\nhappen from gc worker rather than the packet path due to hash table\ndistribution.\n\nThis causes netlink event overflows when events are collected.\n\nThis change collects average expiry of scanned entries and\nreschedules to the average remaining value, within 1 to 60 second interval.\n\nTo avoid event overflows, reschedule after each bucket and add a\nlimit for both run time and number of evictions per run.\n\nIf more entries have to be evicted, reschedule and restart 1 jiffy\ninto the future."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: conntrack: volver a realizar el ajuste autom\u00e1tico de gc a partir de el commit 4608fdfc07e1 (\"netfilter: conntrack: recopilar todas las entradas en un ciclo\") Se modific\u00f3 conntrack gc para que se ejecute cada 2 minutos. En sistemas en los que la tabla hash de conntrack est\u00e1 configurada con un valor grande, la mayor\u00eda de los desalojos se producen desde el trabajador de gc en lugar de la ruta del paquete debido a la distribuci\u00f3n de la tabla hash. Esto provoca desbordamientos de eventos de netlink cuando se recopilan eventos. Este cambio recopila la expiraci\u00f3n promedio de las entradas escaneadas y reprograma al valor restante promedio, dentro de un intervalo de 1 a 60 segundos. Para evitar desbordamientos de eventos, reprograme despu\u00e9s de cada dep\u00f3sito y agregue un l\u00edmite tanto para el tiempo de ejecuci\u00f3n como para la cantidad de desalojos por ejecuci\u00f3n. Si se deben desalojar m\u00e1s entradas, reprograme y reinicie 1 santiam\u00e9n en el futuro."}], "lastModified": "2025-09-23T18:16:22.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE872F08-121D-4AE8-82B9-2B5DA905C944", "versionEndExcluding": "5.15.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00", "versionEndExcluding": "5.16.20", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762", "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}