CVE-2022-48748

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48748
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48748.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48748
Published
2024-06-20T11:13:30Z
Modified
2025-10-14T21:05:15.075700Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
net: bridge: vlan: fix memory leak in __allowed_ingress
Details

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: vlan: fix memory leak in __allowed_ingress

When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and the pvid state is not learning/forwarding, untagged or priority-tagged frame will be dropped but skb memory is not freed. Should free skb when __allowed_ingress returns false.

References

Affected packages

Linux

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.10.96
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.19
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.5

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
a580c76d534c
Fixed
446ff1fc37c7

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
a580c76d534c
Fixed
c5e216e880fa

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
a580c76d534c
Fixed
14be8d448fca

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
a580c76d534c
Fixed
fd20d9738395

Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
5.6

Git

git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a580c76d534c7360ba68042b19cb255e8420e987
Fixed
446ff1fc37c74093e81db40811a07b5a19f1d797
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a580c76d534c7360ba68042b19cb255e8420e987
Fixed
c5e216e880fa6f2cd9d4a6541269377657163098
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a580c76d534c7360ba68042b19cb255e8420e987
Fixed
14be8d448fca6fe7b2a413831eedd55aef6c6511
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a580c76d534c7360ba68042b19cb255e8420e987
Fixed
fd20d9738395cf8e27d0a17eba34169699fccdff

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.2
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.5
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific
