In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: re-fetch conntrack after insertion
In case the conntrack is clashing, insertion can free skb->nfct and set skb->nfct to the already-confirmed entry.
This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger.
[
{
"id": "CVE-2022-49561-0069036a",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04e4a11dc723c52db7a36dc58f0d69ce6426f8f0",
"deprecated": false
},
{
"id": "CVE-2022-49561-17482c6e",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e97222b785e70e8973281666d709baad6523d8af",
"deprecated": false
},
{
"id": "CVE-2022-49561-1d281ddd",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@01989d7eebb61c99bd4b88ebc8e261bd2f02caed",
"deprecated": false
},
{
"id": "CVE-2022-49561-2596696d",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@01989d7eebb61c99bd4b88ebc8e261bd2f02caed",
"deprecated": false
},
{
"id": "CVE-2022-49561-49631862",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04f9e9104c969d8ce10a4a43634f641ed082092d",
"deprecated": false
},
{
"id": "CVE-2022-49561-4c1660cb",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@91a36ec160ec1a0c8f5352b772dffcbb0b6023e3",
"deprecated": false
},
{
"id": "CVE-2022-49561-7395baf4",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"179970013167681921596205050270703511226",
"183971903626501131390109128903569200512",
"294714902859269707448668972274461944308"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56b14ecec97f39118bf85c9ac2438c5a949509ed",
"deprecated": false
},
{
"id": "CVE-2022-49561-73e3599a",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b16bb373988da3ceb0308381634117e18b6ec60d",
"deprecated": false
},
{
"id": "CVE-2022-49561-75d6a5fa",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b16bb373988da3ceb0308381634117e18b6ec60d",
"deprecated": false
},
{
"id": "CVE-2022-49561-7b199a2c",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e97222b785e70e8973281666d709baad6523d8af",
"deprecated": false
},
{
"id": "CVE-2022-49561-8ffe7264",
"signature_type": "Line",
"digest": {
"line_hashes": [
"258423170673164249874225169958676937624",
"17725186090737718401662273269805958232",
"103626901227993893001840961495056030949",
"84110679514103826857787644055000671968",
"301091000977355869271061103236223328133"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92a999d1963eed0df666284e20055136ceabd12f",
"deprecated": false
},
{
"id": "CVE-2022-49561-d8637f61",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04f9e9104c969d8ce10a4a43634f641ed082092d",
"deprecated": false
},
{
"id": "CVE-2022-49561-e06007c1",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92a999d1963eed0df666284e20055136ceabd12f",
"deprecated": false
},
{
"id": "CVE-2022-49561-ed843f09",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@91a36ec160ec1a0c8f5352b772dffcbb0b6023e3",
"deprecated": false
},
{
"id": "CVE-2022-49561-f059ec83",
"signature_type": "Function",
"digest": {
"length": 265.0,
"function_hash": "201996766099484778905778370130953006719"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56b14ecec97f39118bf85c9ac2438c5a949509ed",
"deprecated": false
},
{
"id": "CVE-2022-49561-f786652d",
"signature_type": "Function",
"digest": {
"length": 258.0,
"function_hash": "294168941102737841332302352951687414435"
},
"signature_version": "v1",
"target": {
"function": "nf_conntrack_confirm",
"file": "include/net/netfilter/nf_conntrack_core.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04e4a11dc723c52db7a36dc58f0d69ce6426f8f0",
"deprecated": false
}
]