In the Linux kernel, the following vulnerability has been resolved:
wireguard: socket: free skb in send6 when ipv6 is disabled
I got a memory leak report:
unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff814c3ef4>] slabpostallochook+0x84/0x3b0 [<ffffffff814c8977>] kmemcacheallocnode+0x167/0x340 [<ffffffff832974fb>] _allocskb+0x1db/0x200 [<ffffffff82612b5d>] wgsocketsendbuffertopeer+0x3d/0xc0 [<ffffffff8260e94a>] wgpacketsendhandshakeinitiation+0xfa/0x110 [<ffffffff8260ec81>] wgpackethandshakesendworker+0x21/0x30 [<ffffffff8119c558>] processonework+0x2e8/0x770 [<ffffffff8119ca2a>] workerthread+0x4a/0x4b0 [<ffffffff811a88e0>] kthread+0x120/0x160 [<ffffffff8100242f>] retfromfork+0x1f/0x30
In function wgsocketsendbufferasreplytoskb() or wgsocketsend buffertopeer(), the semantics of send6() is required to free skb. But when CONFIGIPV6 is disable, kfreeskb() is missing. This patch adds it to fix this bug.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/net/wireguard/socket.c" }, "id": "CVE-2022-49153-0ab027bf", "digest": { "line_hashes": [ "246397572943629216418274453019387402008", "329086242801932719278189082289470966688", "126234414428435301143627832481254858723", "270317083931049644052843056272809739170" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@096f9d35cac0a0c95ffafc00db84786b665a4837" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/net/wireguard/socket.c" }, "id": "CVE-2022-49153-28795bb9", "digest": { "line_hashes": [ "246397572943629216418274453019387402008", "329086242801932719278189082289470966688", "126234414428435301143627832481254858723", "270317083931049644052843056272809739170" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b19bcb753dbfb74710d12bb2761ec5ed706c726" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/net/wireguard/socket.c", "function": "send6" }, "id": "CVE-2022-49153-424e8153", "digest": { "length": 1569.0, "function_hash": "117022466358305336387956238157619171905" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@402991a9771587acc2947cf6c4d689c5397f2258" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/net/wireguard/socket.c" }, "id": "CVE-2022-49153-56c55c7b", "digest": { "line_hashes": [ "246397572943629216418274453019387402008", "329086242801932719278189082289470966688", "126234414428435301143627832481254858723", "270317083931049644052843056272809739170" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@402991a9771587acc2947cf6c4d689c5397f2258" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/net/wireguard/socket.c", "function": "send6" }, "id": "CVE-2022-49153-6b4557f6", "digest": { "length": 1569.0, "function_hash": "117022466358305336387956238157619171905" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebcc492f4ba14bae54b898f1016a37b4282558d1" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/net/wireguard/socket.c", "function": "send6" }, "id": "CVE-2022-49153-709d7034", "digest": { "length": 1569.0, "function_hash": "117022466358305336387956238157619171905" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b19bcb753dbfb74710d12bb2761ec5ed706c726" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/net/wireguard/socket.c", "function": "send6" }, "id": "CVE-2022-49153-768c87f7", "digest": { "length": 1569.0, "function_hash": "117022466358305336387956238157619171905" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbbf962d9460194993ee1943a793a0a0af4a7fbf" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/net/wireguard/socket.c" }, "id": "CVE-2022-49153-adf053a7", "digest": { "line_hashes": [ "246397572943629216418274453019387402008", "329086242801932719278189082289470966688", "126234414428435301143627832481254858723", "270317083931049644052843056272809739170" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbbf962d9460194993ee1943a793a0a0af4a7fbf" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "drivers/net/wireguard/socket.c" }, "id": "CVE-2022-49153-e8e825cb", "digest": { "line_hashes": [ "246397572943629216418274453019387402008", "329086242801932719278189082289470966688", "126234414428435301143627832481254858723", "270317083931049644052843056272809739170" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebcc492f4ba14bae54b898f1016a37b4282558d1" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "drivers/net/wireguard/socket.c", "function": "send6" }, "id": "CVE-2022-49153-f9cc6e8a", "digest": { "length": 1582.0, "function_hash": "225893862755924077507213772601262376303" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@096f9d35cac0a0c95ffafc00db84786b665a4837" } ] }