U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2022-48911 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller. v2: split skb prefetch hunk into separate change


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/21b27b2baa27423286e9b8d3f0b194d587083d95 Patch 
https://git.kernel.org/stable/c/34dc4a6a7f261736ef7183868a5bddad31c7f9e3 Patch 
https://git.kernel.org/stable/c/43c25da41e3091b31a906651a43e80a2719aa1ff Patch 
https://git.kernel.org/stable/c/4d05239203fa38ea8a6f31e228460da4cb17a71a Patch 
https://git.kernel.org/stable/c/c3873070247d9e3c7a6b0cf9bf9b45e8018427b1 Patch 
https://git.kernel.org/stable/c/dcc3cb920bf7ba66ac5e9272293a9ba5f80917ee Patch 
https://git.kernel.org/stable/c/dd648bd1b33a828f62befa696b206c688da0ec43 Patch 
https://git.kernel.org/stable/c/ef97921ccdc243170fcef857ba2a17cf697aece5 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-48911
NVD Published Date:
08/21/2024
NVD Last Modified:
09/12/2024
Source:
kernel.org