CVE-2022-49204

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49204

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49204.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-49204

Related

Published

2025-02-26T07:00:57Z

Modified

2025-02-26T19:01:04.798872Z

Downstream

SUSE-SU-2025:1293-1

SUSE-SU-2025:1176-1

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix more uncharged while msg has more_data

In tcpbpfsendverdict(), if msg has more data after tcpbpfsendmsgredir():

tcpbpfsendverdict() tosend = msg->sg.size //msg->sg.size = 22220 case _SKREDIRECT: skmsgreturn() //uncharged msg->sg.size(22220) sk->skforwardalloc tcpbpfsendmsgredir() //after tcpbpfsendmsgredir, msg->sg.size=11000 goto moredata; tosend = msg->sg.size //msg->sg.size = 11000 case _SKREDIRECT: skmsgreturn() //uncharged msg->sg.size(11000) to sk->skforwardalloc

The msg->sg.size(11000) has been uncharged twice, to fix we can charge the remaining msg->sg.size before goto more data.

This issue can cause the following info: WARNING: CPU: 0 PID: 9860 at net/core/stream.c:208 skstreamkillqueues+0xd4/0x1a0 Call Trace: <TASK> inetcskdestroysock+0x55/0x110 _tcpclose+0x279/0x470 tcpclose+0x1f/0x60 inetrelease+0x3f/0x80 _sockrelease+0x3d/0xb0 sockclose+0x11/0x20 _fput+0x92/0x250 taskworkrun+0x6a/0xa0 doexit+0x33b/0xb60 dogroupexit+0x2f/0xa0 getsignal+0xb6/0x950 archdosignalorrestart+0xac/0x2a0 ? vfswrite+0x237/0x290 exittousermodeprepare+0xa9/0x200 syscallexittousermode+0x12/0x30 dosyscall64+0x46/0x80 entrySYSCALL64after_hwframe+0x44/0xae </TASK>

WARNING: CPU: 0 PID: 2136 at net/ipv4/afinet.c:155 inetsockdestruct+0x13c/0x260 Call Trace: <TASK> _skdestruct+0x24/0x1f0 skpsockdestroy+0x19b/0x1c0 processonework+0x1b3/0x3c0 workerthread+0x30/0x350 ? processonework+0x3c0/0x3c0 kthread+0xe6/0x110 ? kthreadcompleteandexit+0x20/0x20 retfrom_fork+0x22/0x30 </TASK>

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.113-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}