CVE-2022-49153

{"id": "CVE-2022-49153", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:52.533", "references": [{"url": "https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: socket: free skb in send6 when ipv6 is disabled\n\nI got a memory leak report:\n\nunreferenced object 0xffff8881191fc040 (size 232):\n comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0\n [<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340\n [<ffffffff832974fb>] __alloc_skb+0x1db/0x200\n [<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0\n [<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110\n [<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30\n [<ffffffff8119c558>] process_one_work+0x2e8/0x770\n [<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0\n [<ffffffff811a88e0>] kthread+0x120/0x160\n [<ffffffff8100242f>] ret_from_fork+0x1f/0x30\n\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wireguard: socket: skb libre en send6 cuando ipv6 est\u00e1 deshabilitado Recib\u00ed un informe de p\u00e9rdida de memoria: objeto sin referencia 0xffff8881191fc040 (tama\u00f1o 232): comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (edad 3464.870s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x84/0x3b0 [] kmem_cache_alloc_node+0x167/0x340 [] __alloc_skb+0x1db/0x200 [] wg_socket_send_buffer_to_peer+0x3d/0xc0 [] wg_packet_send_handshake_initiation+0xfa/0x110 [] wg_packet_handshake_send_worker+0x21/0x30 [] process_one_work+0x2e8/0x770 [] worker_thread+0x4a/0x4b0 [] kthread+0x120/0x160 [] ret_from_fork+0x1f/0x30 En la funci\u00f3n wg_socket_send_buffer_as_reply_to_skb() o wg_socket_send_buffer_to_peer(), se requiere la sem\u00e1ntica de send6() para liberar skb. Pero cuando CONFIG_IPV6 est\u00e1 deshabilitado, falta kfree_skb(). Este parche lo agrega para corregir este error."}], "lastModified": "2025-03-13T21:59:52.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F0A158-8722-4B5A-BEC5-245BC5E3EA9A", "versionEndExcluding": "5.10.110", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5", "versionEndExcluding": "5.15.33", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B", "versionEndExcluding": "5.16.19", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}