CVE-2022-49013

EPSS 0.12%
Veröffentlicht 21.10.2024 20:15:12
Zuletzt bearbeitet 24.10.2024 19:09:30
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

sctp: fix memory leak in sctp_stream_outq_migrate()

In the Linux kernel, the following vulnerability has been resolved:

sctp: fix memory leak in sctp_stream_outq_migrate()

When sctp_stream_outq_migrate() is called to release stream out resources,
the memory pointed to by prio_head in stream out is not released.

The memory leak information is as follows:
 unreferenced object 0xffff88801fe79f80 (size 64):
   comm "sctp_repo", pid 7957, jiffies 4294951704 (age 36.480s)
   hex dump (first 32 bytes):
     80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff  ................
     90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff  ................
   backtrace:
     [<ffffffff81b215c6>] kmalloc_trace+0x26/0x60
     [<ffffffff88ae517c>] sctp_sched_prio_set+0x4cc/0x770
     [<ffffffff88ad64f2>] sctp_stream_init_ext+0xd2/0x1b0
     [<ffffffff88aa2604>] sctp_sendmsg_to_asoc+0x1614/0x1a30
     [<ffffffff88ab7ff1>] sctp_sendmsg+0xda1/0x1ef0
     [<ffffffff87f765ed>] inet_sendmsg+0x9d/0xe0
     [<ffffffff8754b5b3>] sock_sendmsg+0xd3/0x120
     [<ffffffff8755446a>] __sys_sendto+0x23a/0x340
     [<ffffffff87554651>] __x64_sys_sendto+0xe1/0x1b0
     [<ffffffff89978b49>] do_syscall_64+0x39/0xb0
     [<ffffffff89a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 11 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.15 < 5.4.226

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.158

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.82

Linux ≫ Linux Kernel Version >= 5.16 < 6.0.12

Linux ≫ Linux Kernel Version6.1 Updaterc1

Linux ≫ Linux Kernel Version6.1 Updaterc2

Linux ≫ Linux Kernel Version6.1 Updaterc3

Linux ≫ Linux Kernel Version6.1 Updaterc4

Linux ≫ Linux Kernel Version6.1 Updaterc5

Linux ≫ Linux Kernel Version6.1 Updaterc6

Linux ≫ Linux Kernel Version6.1 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.309

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/0dfb9a566327182387c90100ea54d8426cee8c67

Patch

https://git.kernel.org/stable/c/176ee6c673ccd118e9392fd2dbb165423bdb99ca

Patch

https://git.kernel.org/stable/c/9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9

Patch

https://git.kernel.org/stable/c/a7555681e50bdebed2c40ff7404ee73c2e932993

Patch

https://git.kernel.org/stable/c/fa20f88271259d42ebe66f0a8c4c20199e888c99

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49013

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-49013