In the Linux kernel, the following vulnerability has been resolved:
net: bridge: vlan: fix memory leak in `__allowed_ingress`
When using per-vlan state, if vlan snooping and stats are disabled, an untagged or priority-tagged ingress frame goes on to the pvid state check. If the port state is forwarding and the pvid state is not learning/forwarding, the untagged or priority-tagged frame is dropped but its skb memory is not freed, so each frame dropped on this path leaks its skb. The skb should be freed when `__allowed_ingress` returns false.
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "function": "__allowed_ingress", "file": "net/bridge/br_vlan.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e216e880fa6f2cd9d4a6541269377657163098", "deprecated": false, "digest": { "length": 1681.0, "function_hash": "326923174276228188867537030152803593351" }, "id": "CVE-2022-48748-0828dbe8" }, { "signature_version": "v1", "target": { "file": "net/bridge/br_vlan.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@446ff1fc37c74093e81db40811a07b5a19f1d797", "deprecated": false, "digest": { "line_hashes": [ "328322470636905259712992175594953307602", "99947143894288184227871168495575096034", "265674902521929776080191679055146643415", "182202863969396103990503040557053856660", "59099442893263626231590594991466040969", "223806271234802523021061016499458327744", "246330188090670523587592117073528927537" ], "threshold": 0.9 }, "id": "CVE-2022-48748-31173873" }, { "signature_version": "v1", "target": { "file": "net/bridge/br_vlan.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14be8d448fca6fe7b2a413831eedd55aef6c6511", "deprecated": false, "digest": { "line_hashes": [ "117524658548253294002463898835279877201", "99947143894288184227871168495575096034", "265674902521929776080191679055146643415", "182202863969396103990503040557053856660", "59099442893263626231590594991466040969", "223806271234802523021061016499458327744", "246330188090670523587592117073528927537" ], "threshold": 0.9 }, "id": "CVE-2022-48748-519a21b7" }, { "signature_version": "v1", "target": { "function": "__allowed_ingress", "file": "net/bridge/br_vlan.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd20d9738395cf8e27d0a17eba34169699fccdff", "deprecated": false, "digest": { "length": 1681.0, 
"function_hash": "326923174276228188867537030152803593351" }, "id": "CVE-2022-48748-6391bf73" }, { "signature_version": "v1", "target": { "file": "net/bridge/br_vlan.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c5e216e880fa6f2cd9d4a6541269377657163098", "deprecated": false, "digest": { "line_hashes": [ "117524658548253294002463898835279877201", "99947143894288184227871168495575096034", "265674902521929776080191679055146643415", "182202863969396103990503040557053856660", "59099442893263626231590594991466040969", "223806271234802523021061016499458327744", "246330188090670523587592117073528927537" ], "threshold": 0.9 }, "id": "CVE-2022-48748-79de1d4d" }, { "signature_version": "v1", "target": { "function": "__allowed_ingress", "file": "net/bridge/br_vlan.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@14be8d448fca6fe7b2a413831eedd55aef6c6511", "deprecated": false, "digest": { "length": 1681.0, "function_hash": "326923174276228188867537030152803593351" }, "id": "CVE-2022-48748-99f6efc3" }, { "signature_version": "v1", "target": { "function": "__allowed_ingress", "file": "net/bridge/br_vlan.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@446ff1fc37c74093e81db40811a07b5a19f1d797", "deprecated": false, "digest": { "length": 1587.0, "function_hash": "8900082106221203404710834787633340093" }, "id": "CVE-2022-48748-b0faf660" }, { "signature_version": "v1", "target": { "file": "net/bridge/br_vlan.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd20d9738395cf8e27d0a17eba34169699fccdff", "deprecated": false, "digest": { "line_hashes": [ "117524658548253294002463898835279877201", "99947143894288184227871168495575096034", "265674902521929776080191679055146643415", "182202863969396103990503040557053856660", 
"59099442893263626231590594991466040969", "223806271234802523021061016499458327744", "246330188090670523587592117073528927537" ], "threshold": 0.9 }, "id": "CVE-2022-48748-d21fd01a" } ] }