2363410 – (CVE-2022-49920) CVE-2022-49920 kernel: netfilter: nf_tables: netlink notifier might race to release objects

Bug 2363410 (CVE-2022-49920) - CVE-2022-49920 kernel: netfilter: nf_tables: netlink notifier might race to release objects

Summary: CVE-2022-49920 kernel: netfilter: nf_tables: netlink notifier might race to r...

Keywords:
Status:	NEW
Alias:	CVE-2022-49920
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-01 15:03 UTC by OSIDB Bzimport
Modified:	2025-06-06 02:05 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-05-01 15:03:34 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: netlink notifier might race to release objects

commit release path is invoked via call_rcu and it runs lockless to
release the objects after rcu grace period. The netlink notifier handler
might win race to remove objects that the transaction context is still
referencing from the commit release path.

Call rcu_barrier() to ensure pending rcu callbacks run to completion
if the list of transactions to be destroyed is not empty.

Comment 1 Avinash Hanwate 2025-05-02 06:08:53 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050108-CVE-2022-49920-667b@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.