5.5

CVE-2022-50065

virtio_net: fix memory leak inside XPD_TX with mergeable

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: fix memory leak inside XPD_TX with mergeable

When we call xdp_convert_buff_to_frame() to get xdpf, if it returns
NULL, we should check if xdp_page was allocated by xdp_linearize_page().
If it is newly allocated, it should be freed here alone. Just like any
other "goto err_xdp".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.18 < 5.10.138
LinuxLinux Kernel Version >= 5.11 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.054
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/faafa2a87f697ee537c29446097e1cc3143506fa
Patch
https://git.kernel.org/stable/c/d3723eab11196475ef83279571b2b0bd0924cf82
Patch
https://git.kernel.org/stable/c/18e383afbd7047af7b055df6e25436e0ce28f8a5
Patch
https://git.kernel.org/stable/c/7a542bee27c6a57e45c33cbbdc963325fd6493af
Patch