7.5

CVE-2022-48748

net: bridge: vlan: fix memory leak in __allowed_ingress

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: vlan: fix memory leak in __allowed_ingress

When using per-vlan state, if vlan snooping and stats are disabled,
untagged or priority-tagged ingress frame will go to check pvid state.
If the port state is forwarding and the pvid state is not
learning/forwarding, untagged or priority-tagged frame will be dropped
but skb memory is not freed.
Should free skb when __allowed_ingress returns false.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.6 < 5.10.96
LinuxLinux Kernel Version >= 5.11 < 5.15.19
LinuxLinux Kernel Version >= 5.16 < 5.16.5
LinuxLinux Kernel Version5.17 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.13% 0.621
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://git.kernel.org/stable/c/14be8d448fca6fe7b2a413831eedd55aef6c6511
Patch
https://git.kernel.org/stable/c/446ff1fc37c74093e81db40811a07b5a19f1d797
Patch
https://git.kernel.org/stable/c/c5e216e880fa6f2cd9d4a6541269377657163098
Patch
https://git.kernel.org/stable/c/fd20d9738395cf8e27d0a17eba34169699fccdff
Patch