CVE-2022-49153
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49153
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49153.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49153
- Downstream
- Related
- Published
- 2025-02-26T01:55:18Z
- Modified
- 2025-10-14T21:56:27.212292Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- wireguard: socket: free skb in send6 when ipv6 is disabled
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wireguard: socket: free skb in send6 when ipv6 is disabled
I got a memory leak report:
unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff814c3ef4>] slabpostallochook+0x84/0x3b0 [<ffffffff814c8977>] kmemcacheallocnode+0x167/0x340 [<ffffffff832974fb>] _allocskb+0x1db/0x200 [<ffffffff82612b5d>] wgsocketsendbuffertopeer+0x3d/0xc0 [<ffffffff8260e94a>] wgpacketsendhandshakeinitiation+0xfa/0x110 [<ffffffff8260ec81>] wgpackethandshakesendworker+0x21/0x30 [<ffffffff8119c558>] processonework+0x2e8/0x770 [<ffffffff8119ca2a>] workerthread+0x4a/0x4b0 [<ffffffff811a88e0>] kthread+0x120/0x160 [<ffffffff8100242f>] retfromfork+0x1f/0x30
In function wgsocketsendbufferasreplytoskb() or wgsocketsend buffertopeer(), the semantics of send6() is required to free skb. But when CONFIGIPV6 is disable, kfreeskb() is missing. This patch adds it to fix this bug.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837
- https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726
- https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258
- https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf
- https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede7096c131e5161fa3b8e52a650d7719d2857adfdFixed096f9d35cac0a0c95ffafc00db84786b665a4837
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede7096c131e5161fa3b8e52a650d7719d2857adfdFixed402991a9771587acc2947cf6c4d689c5397f2258
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede7096c131e5161fa3b8e52a650d7719d2857adfdFixedebcc492f4ba14bae54b898f1016a37b4282558d1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede7096c131e5161fa3b8e52a650d7719d2857adfdFixed0b19bcb753dbfb74710d12bb2761ec5ed706c726
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede7096c131e5161fa3b8e52a650d7719d2857adfdFixedbbbf962d9460194993ee1943a793a0a0af4a7fbf
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.5
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireguard/socket.c"
},
"id": "CVE-2022-49153-0ab027bf",
"digest": {
"line_hashes": [
"246397572943629216418274453019387402008",
"329086242801932719278189082289470966688",
"126234414428435301143627832481254858723",
"270317083931049644052843056272809739170"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@096f9d35cac0a0c95ffafc00db84786b665a4837"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireguard/socket.c"
},
"id": "CVE-2022-49153-28795bb9",
"digest": {
"line_hashes": [
"246397572943629216418274453019387402008",
"329086242801932719278189082289470966688",
"126234414428435301143627832481254858723",
"270317083931049644052843056272809739170"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b19bcb753dbfb74710d12bb2761ec5ed706c726"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireguard/socket.c",
"function": "send6"
},
"id": "CVE-2022-49153-424e8153",
"digest": {
"length": 1569.0,
"function_hash": "117022466358305336387956238157619171905"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@402991a9771587acc2947cf6c4d689c5397f2258"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireguard/socket.c"
},
"id": "CVE-2022-49153-56c55c7b",
"digest": {
"line_hashes": [
"246397572943629216418274453019387402008",
"329086242801932719278189082289470966688",
"126234414428435301143627832481254858723",
"270317083931049644052843056272809739170"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@402991a9771587acc2947cf6c4d689c5397f2258"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireguard/socket.c",
"function": "send6"
},
"id": "CVE-2022-49153-6b4557f6",
"digest": {
"length": 1569.0,
"function_hash": "117022466358305336387956238157619171905"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebcc492f4ba14bae54b898f1016a37b4282558d1"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireguard/socket.c",
"function": "send6"
},
"id": "CVE-2022-49153-709d7034",
"digest": {
"length": 1569.0,
"function_hash": "117022466358305336387956238157619171905"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b19bcb753dbfb74710d12bb2761ec5ed706c726"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireguard/socket.c",
"function": "send6"
},
"id": "CVE-2022-49153-768c87f7",
"digest": {
"length": 1569.0,
"function_hash": "117022466358305336387956238157619171905"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbbf962d9460194993ee1943a793a0a0af4a7fbf"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireguard/socket.c"
},
"id": "CVE-2022-49153-adf053a7",
"digest": {
"line_hashes": [
"246397572943629216418274453019387402008",
"329086242801932719278189082289470966688",
"126234414428435301143627832481254858723",
"270317083931049644052843056272809739170"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bbbf962d9460194993ee1943a793a0a0af4a7fbf"
},
{
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireguard/socket.c"
},
"id": "CVE-2022-49153-e8e825cb",
"digest": {
"line_hashes": [
"246397572943629216418274453019387402008",
"329086242801932719278189082289470966688",
"126234414428435301143627832481254858723",
"270317083931049644052843056272809739170"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebcc492f4ba14bae54b898f1016a37b4282558d1"
},
{
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireguard/socket.c",
"function": "send6"
},
"id": "CVE-2022-49153-f9cc6e8a",
"digest": {
"length": 1582.0,
"function_hash": "225893862755924077507213772601262376303"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@096f9d35cac0a0c95ffafc00db84786b665a4837"
}
]
}