vulnerability
Debian: CVE-2022-49636: linux -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | 02/27/2025 | 02/27/2025 | 03/13/2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
vlan: fix memory leak in vlan_newlink()
Blamed commit added back a bug I fixed in commit 9bbd917e0bec
("vlan: fix memory leak in vlan_dev_set_egress_priority")
If a memory allocation fails in vlan_changelink() after other allocations
succeeded, we need to call vlan_dev_free_egress_priority()
to free all allocated memory because after a failed ->newlink()
we do not call any methods like ndo_uninit() or dev->priv_destructor().
In following example, if the allocation for last element 2000:2001 fails,
we need to free eight prior allocations:
ip link add link dummy0 dummy0.100 type vlan id 100 \
egress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001
syzbot report was:
BUG: memory leak
unreferenced object 0xffff888117bd1060 (size 32):
comm "syz-executor408", pid 3759, jiffies 4294956555 (age 34.090s)
hex dump (first 32 bytes):
09 00 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] kmalloc include/linux/slab.h:600 [inline]
[] vlan_dev_set_egress_priority+0xed/0x170 net/8021q/vlan_dev.c:193
[] vlan_changelink+0x178/0x1d0 net/8021q/vlan_netlink.c:128
[] vlan_newlink+0x148/0x260 net/8021q/vlan_netlink.c:185
[] rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]
[] __rtnl_newlink+0xa58/0xdc0 net/core/rtnetlink.c:3580
[] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3593
[] rtnetlink_rcv_msg+0x21c/0x5c0 net/core/rtnetlink.c:6089
[] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501
[] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
[] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345
[] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921
[] sock_sendmsg_nosec net/socket.c:714 [inline]
[] sock_sendmsg+0x56/0x80 net/socket.c:734
[] ____sys_sendmsg+0x36c/0x390 net/socket.c:2488
[] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2542
[] __sys_sendmsg net/socket.c:2571 [inline]
[] __do_sys_sendmsg net/socket.c:2580 [inline]
[] __se_sys_sendmsg net/socket.c:2578 [inline]
[] __x64_sys_sendmsg+0x78/0xf0 net/socket.c:2578
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.