In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: enforce documented limit to prevent allocating huge memory
Daniel Xu reported that the hash:net,iface type of the ipset subsystem places no limit on how many times the same network can be added to a set with different interfaces, which can lead to huge memory usage or allocation failure.
The quick reproducer is:
$ ipset create ACL.IN.ALLPERMIT hash:net,iface hashsize 1048576 timeout 0
$ for i in $(seq 0 100); do /sbin/ipset add ACL.IN.ALLPERMIT 0.0.0.0/0,kaf_$i timeout 0 -exist; done
The backtrace logged when the resulting vmalloc request (about 1 GiB, per the size in the first line) fails:
[Tue Oct 25 00:13:08 2022] ipset: vmalloc error: size 1073741848, exceeds total pages
<...>
[Tue Oct 25 00:13:08 2022] Call Trace:
[Tue Oct 25 00:13:08 2022] <TASK>
[Tue Oct 25 00:13:08 2022] dump_stack_lvl+0x48/0x60
[Tue Oct 25 00:13:08 2022] warn_alloc+0x155/0x180
[Tue Oct 25 00:13:08 2022] __vmalloc_node_range+0x72a/0x760
[Tue Oct 25 00:13:08 2022] ? hash_netiface4_add+0x7c0/0xb20
[Tue Oct 25 00:13:08 2022] ? __kmalloc_large_node+0x4a/0x90
[Tue Oct 25 00:13:08 2022] kvmalloc_node+0xa6/0xd0
[Tue Oct 25 00:13:08 2022] ? hash_netiface4_resize+0x99/0x710
<...>
The fix is to enforce the limit documented in the ipset(8) manpage:
"The internal restriction of the hash:net,iface set type is that the same network prefix cannot be stored with more than 64 different interfaces in a single set."
[
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"286171292446105440827641486287806580605",
"49117501602992039538609182098371855386",
"42798869906723895846316090984951149765",
"148873950651148610350953652222397192202",
"153873630163998766041685195413590154902",
"187936780717847131017417895557942191121",
"1612992750259221432447966365188670160",
"100513851010429209284056950939419194748",
"127199586730566230193569550586004780187",
"174464949266225202359134399345948040799",
"184324831566456584999605144131088544258",
"231580672529771810864472418639271347783",
"300759060331216776941457321591971075119",
"202582570410180055671069567069995150167",
"3151620934589059759794148131961661317",
"268296895340015555485740307562649130144",
"22864509175356029170601402582293277152",
"182997128819313712727037252889477357275",
"26466145208299805329516294576057447720",
"61106218980415297143621807000180023938"
]
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@510841da1fcc16f702440ab58ef0b4d82a9056b7",
"id": "CVE-2022-49911-0756cee9"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "312394271324319372045108959172791664025",
"length": 4614.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "mtype_add",
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a37ef32fe5956fe9248df68f6a61997845ba047e",
"id": "CVE-2022-49911-24dc95de"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "289225753293717211528116099393402898892",
"length": 196.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tune_bucketsize",
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@42d20d5e24575c9afa2d66d9a51e7386db9514f5",
"id": "CVE-2022-49911-3f26d73c"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "312394271324319372045108959172791664025",
"length": 4614.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "mtype_add",
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@510841da1fcc16f702440ab58ef0b4d82a9056b7",
"id": "CVE-2022-49911-7d013f05"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"286171292446105440827641486287806580605",
"49117501602992039538609182098371855386",
"42798869906723895846316090984951149765",
"148873950651148610350953652222397192202",
"153873630163998766041685195413590154902",
"187936780717847131017417895557942191121",
"1612992750259221432447966365188670160",
"100513851010429209284056950939419194748",
"127199586730566230193569550586004780187",
"174464949266225202359134399345948040799",
"184324831566456584999605144131088544258",
"231580672529771810864472418639271347783",
"300759060331216776941457321591971075119",
"202582570410180055671069567069995150167",
"3151620934589059759794148131961661317",
"268296895340015555485740307562649130144",
"22864509175356029170601402582293277152",
"182997128819313712727037252889477357275",
"26466145208299805329516294576057447720",
"61106218980415297143621807000180023938"
]
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@42d20d5e24575c9afa2d66d9a51e7386db9514f5",
"id": "CVE-2022-49911-91196d55"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "312394271324319372045108959172791664025",
"length": 4614.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "mtype_add",
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@42d20d5e24575c9afa2d66d9a51e7386db9514f5",
"id": "CVE-2022-49911-98f6a55d"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "289225753293717211528116099393402898892",
"length": 196.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tune_bucketsize",
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a37ef32fe5956fe9248df68f6a61997845ba047e",
"id": "CVE-2022-49911-b2bcb266"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"286171292446105440827641486287806580605",
"49117501602992039538609182098371855386",
"42798869906723895846316090984951149765",
"148873950651148610350953652222397192202",
"153873630163998766041685195413590154902",
"187936780717847131017417895557942191121",
"1612992750259221432447966365188670160",
"100513851010429209284056950939419194748",
"127199586730566230193569550586004780187",
"174464949266225202359134399345948040799",
"184324831566456584999605144131088544258",
"231580672529771810864472418639271347783",
"300759060331216776941457321591971075119",
"202582570410180055671069567069995150167",
"3151620934589059759794148131961661317",
"268296895340015555485740307562649130144",
"22864509175356029170601402582293277152",
"182997128819313712727037252889477357275",
"26466145208299805329516294576057447720",
"61106218980415297143621807000180023938"
]
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a37ef32fe5956fe9248df68f6a61997845ba047e",
"id": "CVE-2022-49911-d91a19aa"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "289225753293717211528116099393402898892",
"length": 196.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "tune_bucketsize",
"file": "net/netfilter/ipset/ip_set_hash_gen.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@510841da1fcc16f702440ab58ef0b4d82a9056b7",
"id": "CVE-2022-49911-f4821abe"
}
]