{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48933", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:06:23.299Z", "datePublished": "2024-08-22T03:31:27.165Z", "dateUpdated": "2024-09-12T17:32:59.806Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-22T03:31:27.165Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memory leak during stateful obj update\n\nstateful objects can be updated from the control plane.\nThe transaction logic allocates a temporary object for this purpose.\n\nThe ->init function was called for this object, so plain kfree() leaks\nresources. We must call ->destroy function of the object.\n\nnft_obj_destroy does this, but it also decrements the module refcount,\nbut the update path doesn't increment it.\n\nTo avoid special-casing the update object release, do module_get for\nthe update case too and release it via nft_obj_destroy()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "d62d0ba97b58", "lessThan": "53026346a94c", "status": "affected", "versionType": "git"}, {"version": "d62d0ba97b58", "lessThan": "7e9880e81d3f", "status": "affected", "versionType": "git"}, {"version": "d62d0ba97b58", "lessThan": "e96e204ee6fa", "status": "affected", "versionType": "git"}, {"version": "d62d0ba97b58", "lessThan": "34bb90e407e3", "status": "affected", "versionType": "git"}, {"version": "d62d0ba97b58", "lessThan": "dad3bdeef45f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.182", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.103", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.26", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.12", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/53026346a94c43f35c32b18804041bc483271d87"}, {"url": "https://git.kernel.org/stable/c/7e9880e81d3fd6a43c202f205717485290432826"}, {"url": "https://git.kernel.org/stable/c/e96e204ee6fa46702f6c94c3c69a09e69e0eac52"}, {"url": "https://git.kernel.org/stable/c/34bb90e407e3288f610558beaae54ecaa32b11c4"}, {"url": "https://git.kernel.org/stable/c/dad3bdeef45f81a6e90204bcc85360bb76eccec7"}], "title": "netfilter: nf_tables: fix memory leak during stateful obj update", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48933", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:32:43.489248Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:32:59.806Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48933", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:32:43.489248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:12.637Z"}}], "cna": {"title": "netfilter: nf_tables: fix memory leak during stateful obj update", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d62d0ba97b58", "lessThan": "53026346a94c", "versionType": "git"}, {"status": "affected", "version": "d62d0ba97b58", "lessThan": "7e9880e81d3f", "versionType": "git"}, {"status": "affected", "version": "d62d0ba97b58", "lessThan": "e96e204ee6fa", "versionType": "git"}, {"status": "affected", "version": "d62d0ba97b58", "lessThan": "34bb90e407e3", "versionType": "git"}, {"status": "affected", "version": "d62d0ba97b58", "lessThan": "dad3bdeef45f", "versionType": "git"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4"}, {"status": "unaffected", "version": "0", "lessThan": "5.4", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.182", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.103", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.26", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.12", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/53026346a94c43f35c32b18804041bc483271d87"}, {"url": "https://git.kernel.org/stable/c/7e9880e81d3fd6a43c202f205717485290432826"}, {"url": "https://git.kernel.org/stable/c/e96e204ee6fa46702f6c94c3c69a09e69e0eac52"}, {"url": "https://git.kernel.org/stable/c/34bb90e407e3288f610558beaae54ecaa32b11c4"}, {"url": "https://git.kernel.org/stable/c/dad3bdeef45f81a6e90204bcc85360bb76eccec7"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memory leak during stateful obj update\n\nstateful objects can be updated from the control plane.\nThe transaction logic allocates a temporary object for this purpose.\n\nThe ->init function was called for this object, so plain kfree() leaks\nresources. We must call ->destroy function of the object.\n\nnft_obj_destroy does this, but it also decrements the module refcount,\nbut the update path doesn't increment it.\n\nTo avoid special-casing the update object release, do module_get for\nthe update case too and release it via nft_obj_destroy()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-22T03:31:27.165Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48933", "state": "PUBLISHED", "dateUpdated": "2024-09-12T17:32:59.806Z", "dateReserved": "2024-08-21T06:06:23.299Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-22T03:31:27.165Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3EC14C1-75C4-4ECD-94D3-EB9151F1007E", "versionEndExcluding": "5.4.182", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A95B717-3110-4D4F-B8FC-373919BB514D", "versionEndExcluding": "5.10.103", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AB342AE-A62E-4947-A6EA-511453062B2B", "versionEndExcluding": "5.15.26", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C76BAB21-7F23-4AD8-A25F-CA7B262A2698", "versionEndExcluding": "5.16.12", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memory leak during stateful obj update\n\nstateful objects can be updated from the control plane.\nThe transaction logic allocates a temporary object for this purpose.\n\nThe ->init function was called for this object, so plain kfree() leaks\nresources. We must call ->destroy function of the object.\n\nnft_obj_destroy does this, but it also decrements the module refcount,\nbut the update path doesn't increment it.\n\nTo avoid special-casing the update object release, do module_get for\nthe update case too and release it via nft_obj_destroy()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige la p\u00e9rdida de memoria durante la actualizaci\u00f3n de objetos con estado. Los objetos con estado se pueden actualizar desde el plano de control. La l\u00f3gica de transacci\u00f3n asigna un objeto temporal para este prop\u00f3sito. La funci\u00f3n ->init fue llamada para este objeto, por lo que kfree() simple pierde recursos. Debemos llamar a la funci\u00f3n ->destruir del objeto. nft_obj_destroy hace esto, pero tambi\u00e9n disminuye el recuento del m\u00f3dulo, pero la ruta de actualizaci\u00f3n no lo incrementa. Para evitar usar may\u00fasculas y min\u00fasculas especiales en la versi\u00f3n del objeto de actualizaci\u00f3n, utilice module_get para el caso de actualizaci\u00f3n tambi\u00e9n y lib\u00e9rela mediante nft_obj_destroy()."}], "id": "CVE-2022-48933", "lastModified": "2024-08-23T01:50:09.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-22T04:15:16.143", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/34bb90e407e3288f610558beaae54ecaa32b11c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53026346a94c43f35c32b18804041bc483271d87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e9880e81d3fd6a43c202f205717485290432826"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dad3bdeef45f81a6e90204bcc85360bb76eccec7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e96e204ee6fa46702f6c94c3c69a09e69e0eac52"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfilter: nf_tables: fix memory leak during stateful obj update", "id": "2307189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307189"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: fix memory leak during stateful obj update\nstateful objects can be updated from the control plane.\nThe transaction logic allocates a temporary object for this purpose.\nThe ->init function was called for this object, so plain kfree() leaks\nresources. We must call ->destroy function of the object.\nnft_obj_destroy does this, but it also decrements the module refcount,\nbut the update path doesn't increment it.\nTo avoid special-casing the update object release, do module_get for\nthe update case too and release it via nft_obj_destroy()."], "name": "CVE-2022-48933", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48933\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48933\nhttps://lore.kernel.org/linux-cve-announce/2024082223-CVE-2022-48933-6ebb@gregkh/T"], "threat_severity": "Moderate"}