CVE-2022-49020

MEDIUM

Linux Kernel Use-After-Free in p9_socket_open

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443

Patch

https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64

Patch

https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260

Patch

https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748

Patch

https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf

Patch

https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd

Patch

https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd

Patch

https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 14.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (27)

linux/Kernel 2.6.33 - 4.9.335linux

linux/Kernel 4.10.0 - 4.14.301linux

linux/Kernel 4.15.0 - 4.19.268linux

linux/Kernel 4.20.0 - 5.4.226linux

linux/Kernel 5.11.0 - 5.15.82linux

linux/Kernel 5.16.0 - 6.0.12linux

linux/Kernel 5.5.0 - 5.10.158linux

Linux/Linux < 2.6.33

Linux/Linux 2.6.33

Linux/Linux 4.14.301 - 4.14.*

... and 17 more

Published Oct 21, 2024

Tracked Since Feb 18, 2026