A flaw in the Linux Kernel found. If patch 158b515f703e ("tun: avoid double free in tun_free_netdev") not applied, then user can call register_netdevice() to fail that can lead to double free. One way to make a NETDEV_REGISTER notifier fail is to create a device with name "default" or "all", which will be vetoed by devinet_sysctl_register() because sysctl_dev_name_is_allowed() detects that the name is a reserved entry name in /proc/sys/net/ipv4/conf/. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2180939]
This was fixed for Fedora with the 5.15.12 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1467 https://access.redhat.com/errata/RHSA-2023:1467
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1469 https://access.redhat.com/errata/RHSA-2023:1469
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1471 https://access.redhat.com/errata/RHSA-2023:1471
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1466 https://access.redhat.com/errata/RHSA-2023:1466
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1470 https://access.redhat.com/errata/RHSA-2023:1470
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1468 https://access.redhat.com/errata/RHSA-2023:1468
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4744