CVE-2022-49921

Опубликовано: 01 мая 2025

Источник: redhat

CVSS3: 4.7

Описание

In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This is basically identical to commit 2f09707d0c97 ("sch_sfb: Also store skb len before calling child enqueue").

Отчет

The bug could happen only when qdisc with Random Early Detection (RED) packet scheduling algorithm being used. The security impact is limited.

Меры по смягчению последствий

To mitigate this issue, prevent module sch_red from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-681

https://bugzilla.redhat.com/show_bug.cgi?id=2363452kernel: net: sched: Fix use after free in red_enqueue()

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2022-49921

CVSS3: 7.8

ubuntu

9 месяцев назад

CVE-2022-49921

CVSS3: 7.8

nvd

9 месяцев назад

CVE-2022-49921

CVSS3: 7.8

debian

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

GHSA-5gp6-334q-267g

CVSS3: 7.8

github

9 месяцев назад

SUSE-SU-2025:02334-1

suse-cvrf

7 месяцев назад

Security update for the Linux Kernel

4.7 Medium

CVSS3