CVE-2022-49020

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*

History

24 Oct 2024, 18:43

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
CWE CWE-401
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443 - () https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443 - Patch
References () https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748 - () https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748 - Patch
References () https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd - () https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd - Patch
References () https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260 - () https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260 - Patch
References () https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd - () https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebd - Patch
References () https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8 - () https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8 - Patch
References () https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64 - () https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64 - Patch
References () https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf - () https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf - Patch

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/9p: Se soluciona una posible fuga de socket en p9_socket_open Tanto p9_fd_create_tcp() como p9_fd_create_unix() llamarán a p9_socket_open(). Si la creación de p9_trans_fd fallo, p9_fd_create_tcp() y p9_fd_create_unix() devolverán un error directamente en lugar de liberar el cscoket, lo que provocará una fuga de socket. Este parche agrega sock_release() para solucionar el problema de la fuga.

21 Oct 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2024-10-24 18:43


NVD link : CVE-2022-49020

Mitre link : CVE-2022-49020

CVE.ORG link : CVE-2022-49020


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime