CVE-2022-48643 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter at nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter: nf_tables: do not leave chain stats enabled on error") missed that nf_tables_chain_destroy() after nft_basechain_init() in the error path of nf_tables_addchain() decrements the counter because nft_basechain_init() makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag. Increment the counter immediately after returning from nft_basechain_init().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378
https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91
https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d
https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd
https://lore.kernel.org/linux-cve-announce/2024042856-CVE-2022-48643-7d4b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48643
https://www.cve.org/CVERecord?id=CVE-2022-48643

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T13:00:03.181Z

Updated: 2024-11-04T12:13:50.570Z

Reserved: 2024-02-25T13:44:28.316Z

Link: CVE-2022-48643

Vulnrichment

Updated: 2024-08-03T15:17:55.519Z

NVD

Status : Awaiting Analysis

Published: 2024-04-28T13:15:07.040

Modified: 2024-04-29T12:42:03.667

Link: CVE-2022-48643

Redhat

Severity : Low

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2022-48643 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48643", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:44:28.316Z", "datePublished": "2024-04-28T13:00:03.181Z", "dateUpdated": "2024-11-04T12:13:50.570Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:13:50.570Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "c907dfe4eaca", "lessThan": "710e3f526bd2", "status": "affected", "versionType": "git"}, {"version": "6d7ddee50395", "lessThan": "91aa52652f4b", "status": "affected", "versionType": "git"}, {"version": "98a621ef45e3", "lessThan": "8bcad2a93131", "status": "affected", "versionType": "git"}, {"version": "43eb8949cfdf", "lessThan": "921ebde3c0d2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "5.10.140", "lessThan": "5.10.146", "status": "affected", "versionType": "semver"}, {"version": "5.15.64", "lessThan": "5.15.71", "status": "affected", "versionType": "semver"}, {"version": "5.19.6", "lessThan": "5.19.12", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"}], "title": "netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T19:08:06.507072Z", "id": "CVE-2022-48643", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:08:16.224Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.519Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.519Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48643", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T19:08:06.507072Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:08:12.454Z"}}], "cna": {"title": "netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c907dfe4eaca", "lessThan": "710e3f526bd2", "versionType": "git"}, {"status": "affected", "version": "6d7ddee50395", "lessThan": "91aa52652f4b", "versionType": "git"}, {"status": "affected", "version": "98a621ef45e3", "lessThan": "8bcad2a93131", "versionType": "git"}, {"status": "affected", "version": "43eb8949cfdf", "lessThan": "921ebde3c0d2", "versionType": "git"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10.140", "lessThan": "5.10.146", "versionType": "custom"}, {"status": "affected", "version": "5.15.64", "lessThan": "5.15.71", "versionType": "custom"}, {"status": "affected", "version": "5.19.6", "lessThan": "5.19.12", "versionType": "custom"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:10:44.655Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48643", "state": "PUBLISHED", "dateUpdated": "2024-08-03T15:17:55.519Z", "dateReserved": "2024-02-25T13:44:28.316Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-28T13:00:03.181Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()", "id": "2277820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277820"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-191", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\nIncrement the counter immediately after returning from\nnft_basechain_init()."], "name": "CVE-2022-48643", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48643\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48643\nhttps://lore.kernel.org/linux-cve-announce/2024042856-CVE-2022-48643-7d4b@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.146, kernel 5.15.71, kernel 5.19.12"}