CVE-2022-49020 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443
https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748
https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd
https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260
https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd
https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8
https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64
https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf
https://lore.kernel.org/linux-cve-announce/2024102154-CVE-2022-49020-2d32@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49020
https://www.cve.org/CVERecord?id=CVE-2022-49020

History

Fri, 25 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772

Thu, 24 Oct 2024 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::
Vendors & Products		Linux Linux linux Kernel

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 13:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102154-CVE-2022-49020-2d32@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49020 https://www.cve.org/CVERecord?id=CVE-2022-49020
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 21 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue.
Title		net/9p: Fix a potential socket leak in p9_socket_open
References		https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443 https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748 https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260 https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8 https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64 https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-21T20:06:27.976Z

Updated: 2024-12-19T08:12:34.777Z

Reserved: 2024-08-22T01:27:53.649Z

Link: CVE-2022-49020

Vulnrichment

Updated: 2024-10-22T13:12:46.188Z

NVD

Status : Analyzed

Published: 2024-10-21T20:15:13.100

Modified: 2024-10-24T18:43:20.887

Link: CVE-2022-49020

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2022-49020 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49020", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-22T01:27:53.649Z", "datePublished": "2024-10-21T20:06:27.976Z", "dateUpdated": "2024-12-19T08:12:34.777Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:12:34.777Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/9p/trans_fd.c"], "versions": [{"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "0396227f4daf4792a6a8aaa3b7771dc25c4cd443", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "ded893965b895b2dccd3d1436d8d3daffa23ea64", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "8b14bd0b500aec1458b51cb621c8e5fab3304260", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "2d24d91b9f44620824fc37b766f7cae00ca32748", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "e01c1542379fb395e7da53706df598f38905dfbf", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "8782b32ef867de7981bbe9e86ecb90e92e8780bd", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd", "status": "affected", "versionType": "git"}, {"version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "dcc14cfd7debe11b825cb077e75d91d2575b4cb8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/9p/trans_fd.c"], "versions": [{"version": "2.6.33", "status": "affected"}, {"version": "0", "lessThan": "2.6.33", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.335", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.301", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.268", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.226", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.158", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.82", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.12", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443"}, {"url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64"}, {"url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260"}, {"url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748"}, {"url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf"}, {"url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd"}, {"url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd"}, {"url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8"}], "title": "net/9p: Fix a potential socket leak in p9_socket_open", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-49020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:12:42.990180Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:18:37.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-49020", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:12:42.990180Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:12:46.188Z"}}], "cna": {"title": "net/9p: Fix a potential socket leak in p9_socket_open", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "0396227f4daf4792a6a8aaa3b7771dc25c4cd443", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "ded893965b895b2dccd3d1436d8d3daffa23ea64", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "8b14bd0b500aec1458b51cb621c8e5fab3304260", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "2d24d91b9f44620824fc37b766f7cae00ca32748", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "e01c1542379fb395e7da53706df598f38905dfbf", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "8782b32ef867de7981bbe9e86ecb90e92e8780bd", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd", "versionType": "git"}, {"status": "affected", "version": "6b18662e239a032f908b7f6e164bdf7e2e0a32c9", "lessThan": "dcc14cfd7debe11b825cb077e75d91d2575b4cb8", "versionType": "git"}], "programFiles": ["net/9p/trans_fd.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.33"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.33", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.335", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.301", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.268", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.226", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.158", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.82", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.0.12", "versionType": "semver", "lessThanOrEqual": "6.0.*"}, {"status": "unaffected", "version": "6.1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/9p/trans_fd.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443"}, {"url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64"}, {"url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260"}, {"url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748"}, {"url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf"}, {"url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd"}, {"url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd"}, {"url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:12:34.777Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49020", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:12:34.777Z", "dateReserved": "2024-08-22T01:27:53.649Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T20:06:27.976Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "136F2799-F7E6-44CC-9C33-543F433340FC", "versionEndExcluding": "4.9.335", "versionStartIncluding": "2.6.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE18A3A-1E78-44D6-9FDB-B267E4819993", "versionEndExcluding": "4.14.301", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "04705C94-71FA-46AB-AF73-B551892B0EBA", "versionEndExcluding": "4.19.268", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "274F5087-5805-4D03-8C74-8517300658F1", "versionEndExcluding": "5.4.226", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0FB1AF1-0A0B-4419-B25F-C61F17380E18", "versionEndExcluding": "5.10.158", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DC20DB6-73C1-4465-B931-117BFB8EBB02", "versionEndExcluding": "5.15.82", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6D56E90-F3EE-413D-B3E2-B518932F0C7D", "versionEndExcluding": "6.0.12", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "8535320E-A0DB-4277-800E-D0CE5BBA59E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix a potential socket leak in p9_socket_open\n\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\n\nThis patch adds sock_release() to fix the leak issue."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/9p: Se soluciona una posible fuga de socket en p9_socket_open Tanto p9_fd_create_tcp() como p9_fd_create_unix() llamar\u00e1n a p9_socket_open(). Si la creaci\u00f3n de p9_trans_fd fallo, p9_fd_create_tcp() y p9_fd_create_unix() devolver\u00e1n un error directamente en lugar de liberar el cscoket, lo que provocar\u00e1 una fuga de socket. Este parche agrega sock_release() para solucionar el problema de la fuga."}], "id": "CVE-2022-49020", "lastModified": "2024-10-24T18:43:20.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T20:15:13.100", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net/9p: Fix a potential socket leak in p9_socket_open", "id": "2320787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320787"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/9p: Fix a potential socket leak in p9_socket_open\nBoth p9_fd_create_tcp() and p9_fd_create_unix() will call\np9_socket_open(). If the creation of p9_trans_fd fails,\np9_fd_create_tcp() and p9_fd_create_unix() will return an\nerror directly instead of releasing the cscoket, which will\nresult in a socket leak.\nThis patch adds sock_release() to fix the leak issue."], "name": "CVE-2022-49020", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49020\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49020\nhttps://lore.kernel.org/linux-cve-announce/2024102154-CVE-2022-49020-2d32@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object