Bug 2347949 (CVE-2022-49403)
| Summary: | CVE-2022-49403 kernel: lib/string_helpers: fix not adding strarray to device's resource list | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
CVE-2022-49403 is a vulnerability in the Linux kernel's handling of IPv6 networking, specifically in the Segment Routing feature. The issue stems from a logic error during cleanup, where certain network route objects can be freed (deleted from memory) more than once. This type of mistake is known as a use-after-free bug and can lead to unpredictable behavior, including system crashes or potentially allowing an attacker to execute code with elevated privileges. While this bug affects systems with IPv6 and advanced routing configurations enabled, it’s less likely to impact typical home users. The vulnerability has been patched in updated kernel versions, and users are advised to upgrade to avoid potential exploitation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-02-26 03:12:21 UTC
|