5.5

CVE-2022-49672

net: tun: unlink NAPI from device on destruction

In the Linux kernel, the following vulnerability has been resolved:

net: tun: unlink NAPI from device on destruction

Syzbot found a race between tun file and device destruction.
NAPIs live in struct tun_file which can get destroyed before
the netdev so we have to del them explicitly. The current
code is missing deleting the NAPI if the queue was detached
first.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15 < 4.19.251
LinuxLinux Kernel Version >= 4.20 < 5.4.204
LinuxLinux Kernel Version >= 5.5 < 5.10.129
LinuxLinux Kernel Version >= 5.11 < 5.15.53
LinuxLinux Kernel Version >= 5.16 < 5.18.10
LinuxLinux Kernel Version5.19 Updaterc1
LinuxLinux Kernel Version5.19 Updaterc2
LinuxLinux Kernel Version5.19 Updaterc3
LinuxLinux Kernel Version5.19 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.192
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2db
Patch
https://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77c
Patch
https://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9
Patch
https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728
Patch
https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485d
Patch
https://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989
Patch