CVE-2022-49958

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-49958
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49958.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2022-49958
Published: 2025-06-18T11:15:23Z
Modified: 2025-06-18T16:46:01.060829Z
Summary: [none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fix netdevice reference leaks in attach_default_qdiscs()

In attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails to attach qdisc because there is no memory in attach_one_default_qdisc(), then dev->qdisc will be noop_qdisc by default. But the other queues may be able to successfully attach to default qdisc.

In this case, the fallback to noqueue process will be triggered. If the original attached qdisc is not released and a new one is directly attached, this will cause netdevice reference leaks.

The following is the bug log:

veth0: default qdisc (fq_codel) fail, fallback to noqueue
unregister_netdevice: waiting for veth0 to become free. Usage count = 32
leaked reference.
 qdisc_alloc+0x12e/0x210
 qdisc_create_dflt+0x62/0x140
 attach_one_default_qdisc.constprop.41+0x44/0x70
 dev_activate+0x128/0x290
 __dev_open+0x12a/0x190
 __dev_change_flags+0x1a2/0x1f0
 dev_change_flags+0x23/0x60
 do_setlink+0x332/0x1150
 __rtnl_newlink+0x52f/0x8e0
 rtnl_newlink+0x43/0x70
 rtnetlink_rcv_msg+0x140/0x3b0
 netlink_rcv_skb+0x50/0x100
 netlink_unicast+0x1bb/0x290
 netlink_sendmsg+0x37c/0x4e0
 sock_sendmsg+0x5f/0x70
 ____sys_sendmsg+0x208/0x280

Fix this bug by clearing any non-noop qdiscs that may have been assigned before trying to re-attach.

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.148-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}