Executive Summary

Informations
Name CVE-2022-49853 First vendor Publication 2025-05-01
Vendor Cve Last vendor Modification 2025-05-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

net: macvlan: fix memory leaks of macvlan_common_newlink

kmemleak reports memory leaks in macvlan_common_newlink, as follows:

ip link add link eth0 name .. type macvlan mode source macaddr add

kmemleak reports:

unreferenced object 0xffff8880109bb140 (size 64):
comm "ip", pid 284, jiffies 4294986150 (age 430.108s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ..........Z.....
80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b ..............kk
backtrace:
[] kmem_cache_alloc_trace+0x1c7/0x300
[] macvlan_hash_add_source+0x45/0xc0
[] macvlan_changelink_sources+0xd7/0x170
[] macvlan_common_newlink+0x38c/0x5a0
[] macvlan_newlink+0xe/0x20
[] __rtnl_newlink+0x7af/0xa50
[] rtnl_newlink+0x48/0x70
...

In the scenario where the macvlan mode is configured as 'source', macvlan_changelink_sources() will be execured to reconfigure list of remote source mac addresses, at the same time, if register_netdevice() return an error, the resource generated by macvlan_changelink_sources() is not cleaned up.

Using this patch, in the case of an error, it will execute macvlan_flush_sources() to ensure that the resource is cleaned up.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49853

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3564

Sources (Detail)

https://git.kernel.org/stable/c/21d3a8b6a1e39e7529ce9de07316ee13a63f305b
https://git.kernel.org/stable/c/23569b5652ee8e8e55a12f7835f59af6f3cefc30
https://git.kernel.org/stable/c/685e73e3f7a9fb75cbf049a9d0b7c45cc6b57b2e
https://git.kernel.org/stable/c/956e0216a19994443c90ba2ea6b0b284c9c4f9cb
https://git.kernel.org/stable/c/9ea003c4671b2fc455320ecf6d4a43b0a3c1878a
https://git.kernel.org/stable/c/9f288e338be206713d79b29144c27fca4503c39b
https://git.kernel.org/stable/c/a81b44d1df1f07f00c0dcc0a0b3d2fa24a46289e
https://git.kernel.org/stable/c/a8d67367ab33604326cc37ab44fd1801bf5691ba
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2025-06-24 02:14:59
  • Multiple Updates
2025-05-27 13:24:00
  • Multiple Updates
2025-05-27 02:12:15
  • First insertion