CVE-2022-49622
HIGH
Linux Kernel < 5.18.13 - Use-After-Free in Netfilter nf_tables
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: avoid skb access on nf_stolen

When verdict is NF_STOLEN, the skb might have been freed.

When tracing is enabled, this can result in a use-after-free:
1. access to skb->nf_trace
2. access to skb->mark
3. computation of trace id
4. dump of packet payload

To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN.

Avoid 2 by skipping skb->mark access if verdict is STOLEN.

3 is avoided by precomputing the trace id.

Only dump the packet when verdict is not "STOLEN".
Scores
CVSS v3
7.8
EPSS
0.0024
EPSS Percentile
14.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (9)
linux/Kernel
4.10.0 - 5.18.13 linux
Linux/Linux
< 4.10
Linux/Linux
4.10
Linux/Linux
5.18.13 - 5.18.*
Linux/Linux
5.19
Linux/Linux
5efa0fc6d7f7930b18801f07cefae8eeacd6ac02 - 0016d5d46d7440729a3132f61a8da3bf7f84e2ba
Linux/Linux
5efa0fc6d7f7930b18801f07cefae8eeacd6ac02 - e34b9ed96ce3b06c79bf884009b16961ca478f87
linux/linux_kernel
5.19 rc1 (4 CPE variants)
linux/linux_kernel
< 5.18.13
Published
Feb 26, 2025
Tracked Since
Feb 18, 2026