Executive Summary

Informations
Name CVE-2022-49153 First vendor Publication 2025-02-26
Vendor Cve Last vendor Modification 2025-03-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

wireguard: socket: free skb in send6 when ipv6 is disabled

I got a memory leak report:

unreferenced object 0xffff8881191fc040 (size 232):
comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] slab_post_alloc_hook+0x84/0x3b0
[] kmem_cache_alloc_node+0x167/0x340
[] __alloc_skb+0x1db/0x200
[] wg_socket_send_buffer_to_peer+0x3d/0xc0
[] wg_packet_send_handshake_initiation+0xfa/0x110
[] wg_packet_handshake_send_worker+0x21/0x30
[] process_one_work+0x2e8/0x770
[] worker_thread+0x4a/0x4b0
[] kthread+0x120/0x160
[] ret_from_fork+0x1f/0x30

In function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_ buffer_to_peer(), the semantics of send6() is required to free skb. But when CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it to fix this bug.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49153

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Os 3527

Sources (Detail)

https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837
https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726
https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258
https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf
https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2025-06-26 02:09:18
  • Multiple Updates
2025-06-25 12:22:09
  • Multiple Updates
2025-06-24 02:13:54
  • Multiple Updates
2025-05-27 02:09:29
  • Multiple Updates
2025-03-29 03:14:19
  • Multiple Updates
2025-03-28 13:34:42
  • Multiple Updates
2025-03-28 02:56:47
  • Multiple Updates
2025-03-19 00:21:25
  • Multiple Updates
2025-03-18 00:21:14
  • Multiple Updates
2025-03-14 00:21:38
  • Multiple Updates
2025-02-26 17:20:33
  • First insertion