{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49153", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.275Z", "datePublished": "2025-02-26T01:55:18.745Z", "dateUpdated": "2025-02-26T01:55:18.745Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T01:55:18.745Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: socket: free skb in send6 when ipv6 is disabled\n\nI got a memory leak report:\n\nunreferenced object 0xffff8881191fc040 (size 232):\n comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0\n [<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340\n [<ffffffff832974fb>] __alloc_skb+0x1db/0x200\n [<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0\n [<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110\n [<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30\n [<ffffffff8119c558>] process_one_work+0x2e8/0x770\n [<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0\n [<ffffffff811a88e0>] kthread+0x120/0x160\n [<ffffffff8100242f>] ret_from_fork+0x1f/0x30\n\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireguard/socket.c"], "versions": [{"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd", "lessThan": "096f9d35cac0a0c95ffafc00db84786b665a4837", "status": "affected", "versionType": "git"}, {"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd", "lessThan": "402991a9771587acc2947cf6c4d689c5397f2258", "status": "affected", "versionType": "git"}, {"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd", "lessThan": "ebcc492f4ba14bae54b898f1016a37b4282558d1", "status": "affected", "versionType": "git"}, {"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd", "lessThan": "0b19bcb753dbfb74710d12bb2761ec5ed706c726", "status": "affected", "versionType": "git"}, {"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd", "lessThan": "bbbf962d9460194993ee1943a793a0a0af4a7fbf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireguard/socket.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.110", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.33", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.19", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.2", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837"}, {"url": "https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258"}, {"url": "https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1"}, {"url": "https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726"}, {"url": "https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf"}], "title": "wireguard: socket: free skb in send6 when ipv6 is disabled", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05F0A158-8722-4B5A-BEC5-245BC5E3EA9A", "versionEndExcluding": "5.10.110", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5", "versionEndExcluding": "5.15.33", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B", "versionEndExcluding": "5.16.19", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: socket: free skb in send6 when ipv6 is disabled\n\nI got a memory leak report:\n\nunreferenced object 0xffff8881191fc040 (size 232):\n comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0\n [<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340\n [<ffffffff832974fb>] __alloc_skb+0x1db/0x200\n [<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0\n [<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110\n [<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30\n [<ffffffff8119c558>] process_one_work+0x2e8/0x770\n [<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0\n [<ffffffff811a88e0>] kthread+0x120/0x160\n [<ffffffff8100242f>] ret_from_fork+0x1f/0x30\n\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wireguard: socket: skb libre en send6 cuando ipv6 est\u00e1 deshabilitado Recib\u00ed un informe de p\u00e9rdida de memoria: objeto sin referencia 0xffff8881191fc040 (tama\u00f1o 232): comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (edad 3464.870s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x84/0x3b0 [] kmem_cache_alloc_node+0x167/0x340 [] __alloc_skb+0x1db/0x200 [] wg_socket_send_buffer_to_peer+0x3d/0xc0 [] wg_packet_send_handshake_initiation+0xfa/0x110 [] wg_packet_handshake_send_worker+0x21/0x30 [] process_one_work+0x2e8/0x770 [] worker_thread+0x4a/0x4b0 [] kthread+0x120/0x160 [] ret_from_fork+0x1f/0x30 En la funci\u00f3n wg_socket_send_buffer_as_reply_to_skb() o wg_socket_send_buffer_to_peer(), se requiere la sem\u00e1ntica de send6() para liberar skb. Pero cuando CONFIG_IPV6 est\u00e1 deshabilitado, falta kfree_skb(). Este parche lo agrega para corregir este error."}], "id": "CVE-2022-49153", "lastModified": "2025-03-13T21:59:52.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:00:52.533", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: wireguard: socket: free skb in send6 when ipv6 is disabled", "id": "2348284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348284"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwireguard: socket: free skb in send6 when ipv6 is disabled\nI got a memory leak report:\nunreferenced object 0xffff8881191fc040 (size 232):\ncomm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0\n[<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340\n[<ffffffff832974fb>] __alloc_skb+0x1db/0x200\n[<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0\n[<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110\n[<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30\n[<ffffffff8119c558>] process_one_work+0x2e8/0x770\n[<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0\n[<ffffffff811a88e0>] kthread+0x120/0x160\n[<ffffffff8100242f>] ret_from_fork+0x1f/0x30\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug.", "A flaw was found in the WireGuard module in the Linux kernel. A memory leak can occur due to a missing memory release when the IPv6 (CONFIG_IPV6) support is disabled, potentially impacting system performance and possibly resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-49153", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49153\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49153\nhttps://lore.kernel.org/linux-cve-announce/2025022609-CVE-2022-49153-972a@gregkh/T"], "statement": "The WireGuard module is not built in the Linux kernel as shipped in Red Hat Enterprise Linux 6, 7 and 8, so this vulnerability does not affect these Red Hat Enterprise Linux versions.\nThis issue has been fixed in Red Hat Enterprise Linux 9.1 via RHSA-2022:8267 [1].\n[1]. https://access.redhat.com/errata/RHSA-2022:8267", "threat_severity": "Low"}