Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-49622
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-26 Feb, 2025 | 02:23
Updated At-23 Dec, 2025 | 13:24
Rejected At-
▼CVE Numbering Authority (CNA)
netfilter: nf_tables: avoid skb access on nf_stolen

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid skb access on nf_stolen When verdict is NF_STOLEN, the skb might have been freed. When tracing is enabled, this can result in a use-after-free: 1. access to skb->nf_trace 2. access to skb->mark 3. computation of trace id 4. dump of packet payload To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN. Avoid 2 by skipping skb->mark access if verdict is STOLEN. 3 is avoided by precomputing the trace id. Only dump the packet when verdict is not "STOLEN".

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/netfilter/nf_tables.h
  • net/netfilter/nf_tables_core.c
  • net/netfilter/nf_tables_trace.c
Default Status
unaffected
Versions
Affected
  • From 5efa0fc6d7f7930b18801f07cefae8eeacd6ac02 before 0016d5d46d7440729a3132f61a8da3bf7f84e2ba (git)
  • From 5efa0fc6d7f7930b18801f07cefae8eeacd6ac02 before e34b9ed96ce3b06c79bf884009b16961ca478f87 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/netfilter/nf_tables.h
  • net/netfilter/nf_tables_core.c
  • net/netfilter/nf_tables_trace.c
Default Status
affected
Versions
Affected
  • 4.10
Unaffected
  • From 0 before 4.10 (semver)
  • From 5.18.13 through 5.18.* (semver)
  • From 5.19 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba
N/A
https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87
N/A
Hyperlink: https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found