CVE-2022-49008

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49008
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49008.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49008
Downstream
Published
2024-10-21T20:06:20.158Z
Modified
2026-04-02T08:27:13.446374Z
Summary
can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
Details

In the Linux kernel, the following vulnerability has been resolved:

can: can327: can327feedframetonetdev(): fix potential skb leak when netdev is down

In can327feedframetonetdev(), it did not free the skb when netdev is down, and all callers of can327feedframetonetdev() did not free allocated skb too. That would trigger skb leak.

Fix it by adding kfreeskb() in can327feedframeto_netdev() when netdev is down. Not tested, just compiled.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49008.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
43da2f07622f41376c7ddab8f73dc2b1d3ab9715
Fixed
797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08
Fixed
8fa452cfafed521aaf5a18c71003fe24b1ee6141

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49008.json"