CVE-2022-49672
CVE-2022-49672 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: "net: tun: unlink NAPI from device on destruction". Syzbot found a race between tun file and device destruction. NAPIs live in struct tun_file which can get destroyed before the netdev so we have to del them explicitly. The current code is missing deleting the NAPI if the queue was detached first. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

net: tun: unlink NAPI from device on destruction

Syzbot found a race between tun file and device destruction. NAPIs live in struct tun_file which can get destroyed before the netdev so we have to del them explicitly. The current code is missing deleting the NAPI if the queue was detached first.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | >= 4.15, < 4.19.251 | — |
| Linux | Linux Kernel | >= 4.20, < 5.4.204 | — |
| Linux | Linux Kernel | >= 5.5, < 5.10.129 | — |
| Linux | Linux Kernel | >= 5.11, < 5.15.53 | — |
| Linux | Linux Kernel | >= 5.16, < 5.18.10 | — |
| Linux | Linux Kernel | 5.19 | Rc1 |
Timeline
- Status: Analyzed
Source: NVD / NIST
