CVE-2022-48643 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()

syzbot is reporting underflow of nft_counters_enabled counter at
nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter:
nf_tables: do not leave chain stats enabled on error") missed that
nf_tables_chain_destroy() after nft_basechain_init() in the error path of
nf_tables_addchain() decrements the counter because nft_basechain_init()
makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.

Increment the counter immediately after returning from
nft_basechain_init().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378
https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91
https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d
https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd
https://lore.kernel.org/linux-cve-announce/2024042856-CVE-2022-48643-7d4b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48643
https://www.cve.org/CVERecord?id=CVE-2022-48643

History

Thu, 19 Dec 2024 09:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T13:00:03.181Z

Updated: 2025-05-04T08:20:21.109Z

Reserved: 2024-02-25T13:44:28.316Z

Link: CVE-2022-48643

Vulnrichment

Updated: 2024-08-03T15:17:55.519Z

NVD

Status : Awaiting Analysis

Published: 2024-04-28T13:15:07.040

Modified: 2024-11-21T07:33:40.710

Link: CVE-2022-48643

Redhat

Severity : Low

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2022-48643 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-12T22:32:02Z

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48643", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:44:28.316Z", "datePublished": "2024-04-28T13:00:03.181Z", "dateUpdated": "2025-05-04T08:20:21.109Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:20:21.109Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "c907dfe4eaca9665694a0340de1458a093abe354", "lessThan": "710e3f526bd23a0d33435dedc52c3144de284378", "status": "affected", "versionType": "git"}, {"version": "6d7ddee503951641f3ec6f0e3269446970bbcdab", "lessThan": "91aa52652f4b37089aff3cb53e83049d826fef6d", "status": "affected", "versionType": "git"}, {"version": "98a621ef45e3605c7487f7fa6fec7df94697d6a2", "lessThan": "8bcad2a931313aeba076b76922d5813ef97d0a91", "status": "affected", "versionType": "git"}, {"version": "43eb8949cfdffa764b92bc6c54b87cbe5b0003fe", "lessThan": "921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "5.10.140", "lessThan": "5.10.146", "status": "affected", "versionType": "semver"}, {"version": "5.15.64", "lessThan": "5.15.71", "status": "affected", "versionType": "semver"}, {"version": "5.19.6", "lessThan": "5.19.12", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.140", "versionEndExcluding": "5.10.146"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.64", "versionEndExcluding": "5.15.71"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19.6", "versionEndExcluding": "5.19.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"}], "title": "netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T19:08:06.507072Z", "id": "CVE-2022-48643", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:08:16.224Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.519Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.519Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48643", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T19:08:06.507072Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:08:12.454Z"}}], "cna": {"title": "netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c907dfe4eaca9665694a0340de1458a093abe354", "lessThan": "710e3f526bd23a0d33435dedc52c3144de284378", "versionType": "git"}, {"status": "affected", "version": "6d7ddee503951641f3ec6f0e3269446970bbcdab", "lessThan": "91aa52652f4b37089aff3cb53e83049d826fef6d", "versionType": "git"}, {"status": "affected", "version": "98a621ef45e3605c7487f7fa6fec7df94697d6a2", "lessThan": "8bcad2a931313aeba076b76922d5813ef97d0a91", "versionType": "git"}, {"status": "affected", "version": "43eb8949cfdffa764b92bc6c54b87cbe5b0003fe", "lessThan": "921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd", "versionType": "git"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10.140", "lessThan": "5.10.146", "versionType": "semver"}, {"status": "affected", "version": "5.15.64", "lessThan": "5.15.71", "versionType": "semver"}, {"status": "affected", "version": "5.19.6", "lessThan": "5.19.12", "versionType": "semver"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"}, {"url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"}, {"url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"}, {"url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init()."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.146", "versionStartIncluding": "5.10.140"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.71", "versionStartIncluding": "5.15.64"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.19.12", "versionStartIncluding": "5.19.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:20:21.109Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48643", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:20:21.109Z", "dateReserved": "2024-02-25T13:44:28.316Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-28T13:00:03.181Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige el desbordamiento de nft_counters_enabled en nf_tables_addchain() syzbot informa el desbordamiento del contador nft_counters_enabled en nf_tables_addchain() [1], para el commit 43eb8949cfdffa76 (\"netfilter: nf_tables: no salir estad\u00edsticas de cadena habilitadas en caso de error\") pas\u00f3 por alto que nf_tables_chain_destroy() despu\u00e9s de nft_basechain_init() en la ruta de error de nf_tables_addchain() disminuye el contador porque nft_basechain_init() hace que nft_is_base_chain() devuelva verdadero al configurar el indicador NFT_CHAIN_BASE. Incrementa el contador inmediatamente despu\u00e9s de regresar de nft_basechain_init()."}], "id": "CVE-2022-48643", "lastModified": "2024-11-21T07:33:40.710", "metrics": {}, "published": "2024-04-28T13:15:07.040", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()", "id": "2277820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277820"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-191", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\nIncrement the counter immediately after returning from\nnft_basechain_init()."], "name": "CVE-2022-48643", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48643\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48643\nhttps://lore.kernel.org/linux-cve-announce/2024042856-CVE-2022-48643-7d4b@gregkh/T"], "threat_severity": "Low"}