5.5

CVE-2022-49048

ipv6: fix panic when forwarding a pkt with no in6 dev

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix panic when forwarding a pkt with no in6 dev

kongweibin reported a kernel panic in ip6_forward() when input interface
has no in6 dev associated.

The following tc commands were used to reproduce this panic:
tc qdisc del dev vxlan100 root
tc qdisc add dev vxlan100 root netem corrupt 5%
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.199 < 4.19.239
LinuxLinux Kernel Version >= 5.4.136 < 5.4.190
LinuxLinux Kernel Version >= 5.10.54 < 5.10.112
LinuxLinux Kernel Version >= 5.13.6 < 5.14
LinuxLinux Kernel Version >= 5.14.1 < 5.15.35
LinuxLinux Kernel Version >= 5.16 < 5.17.4
LinuxLinux Kernel Version5.14 Update-
LinuxLinux Kernel Version5.14 Updaterc2
LinuxLinux Kernel Version5.14 Updaterc3
LinuxLinux Kernel Version5.14 Updaterc4
LinuxLinux Kernel Version5.14 Updaterc5
LinuxLinux Kernel Version5.14 Updaterc6
LinuxLinux Kernel Version5.14 Updaterc7
LinuxLinux Kernel Version5.18 Updaterc1
LinuxLinux Kernel Version5.18 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.166
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/74b68f5249f16c5f7f675d0f604fa6ae20e3a151
Patch
https://git.kernel.org/stable/c/a263712ba8c9ded25dd9d2d5ced11bcea5b33a3e
Patch
https://git.kernel.org/stable/c/ab2f5afb7af5c68389e8c7dd29e0a98fbeaaa435
Patch
https://git.kernel.org/stable/c/adee01bbf6cb5b3e4ed08be8ff866aac90f13836
Patch
https://git.kernel.org/stable/c/e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0
Patch
https://git.kernel.org/stable/c/e69fb3de87a8923e5931a272a38fa3cceb01da44
Patch