CVE-2022-49066 (GCVE-0-2022-49066)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN byte of linear data (as __dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes unconditionally). Use pskb_may_pull() to ensure veth_xmit() respects this constraint. kernel BUG at include/linux/skbuff.h:2328! RIP: 0010:eth_type_trans+0xcf/0x140 Call Trace: <IRQ> __dev_forward_skb2+0xe3/0x160 veth_xmit+0x6e/0x250 [veth] dev_hard_start_xmit+0xc7/0x200 __dev_queue_xmit+0x47f/0x520 ? skb_ensure_writable+0x85/0xa0 ? skb_mpls_pop+0x98/0x1c0 tcf_mirred_act+0x442/0x47e [act_mirred] tcf_action_exec+0x86/0x140 fl_classify+0x1d8/0x1e0 [cls_flower] ? dma_pte_clear_level+0x129/0x1a0 ? dma_pte_clear_level+0x129/0x1a0 ? prb_fill_curr_block+0x2f/0xc0 ? skb_copy_bits+0x11a/0x220 __tcf_classify+0x58/0x110 tcf_classify_ingress+0x6b/0x140 __netif_receive_skb_core.constprop.0+0x47d/0xfd0 ? __iommu_dma_unmap_swiotlb+0x44/0x90 __netif_receive_skb_one_core+0x3d/0xa0 netif_receive_skb+0x116/0x170 be_process_rx+0x22f/0x330 [be2net] be_poll+0x13c/0x370 [be2net] __napi_poll+0x2a/0x170 net_rx_action+0x22f/0x2f0 __do_softirq+0xca/0x2a8 __irq_exit_rcu+0xc1/0xe0 common_interrupt+0x83/0xa0
Impacted products
Vendor Product Version
Linux Linux Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/veth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3de2a02b60a4ef0ab76263216f08c7d095fc7c42",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "d417a859221f127e8edf09c14b76ab50f825e171",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "1ef0088e43af1de4e3b365218c4d3179d9a37eec",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "2fd90b86dff413fbf8128780c04ea9c6849c16e2",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "d67c900f1947d64ba8a64f693504bcaab8d9000c",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "93940fc4cb81840dc0fa202de48cccb949a0261d",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "46bc359fec0c6d87b70d7a008bcd9a5e30dd6f27",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            },
            {
              "lessThan": "726e2c5929de841fdcef4e2bf995680688ae1b87",
              "status": "affected",
              "version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/veth.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.311",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.276",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.239",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.190",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.112",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.35",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.4",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Ensure eth header is in skb\u0027s linear part\n\nAfter feeding a decapsulated packet to a veth device with act_mirred,\nskb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),\nwhich expects at least ETH_HLEN byte of linear data (as\n__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes\nunconditionally).\n\nUse pskb_may_pull() to ensure veth_xmit() respects this constraint.\n\nkernel BUG at include/linux/skbuff.h:2328!\nRIP: 0010:eth_type_trans+0xcf/0x140\nCall Trace:\n \u003cIRQ\u003e\n __dev_forward_skb2+0xe3/0x160\n veth_xmit+0x6e/0x250 [veth]\n dev_hard_start_xmit+0xc7/0x200\n __dev_queue_xmit+0x47f/0x520\n ? skb_ensure_writable+0x85/0xa0\n ? skb_mpls_pop+0x98/0x1c0\n tcf_mirred_act+0x442/0x47e [act_mirred]\n tcf_action_exec+0x86/0x140\n fl_classify+0x1d8/0x1e0 [cls_flower]\n ? dma_pte_clear_level+0x129/0x1a0\n ? dma_pte_clear_level+0x129/0x1a0\n ? prb_fill_curr_block+0x2f/0xc0\n ? skb_copy_bits+0x11a/0x220\n __tcf_classify+0x58/0x110\n tcf_classify_ingress+0x6b/0x140\n __netif_receive_skb_core.constprop.0+0x47d/0xfd0\n ? __iommu_dma_unmap_swiotlb+0x44/0x90\n __netif_receive_skb_one_core+0x3d/0xa0\n netif_receive_skb+0x116/0x170\n be_process_rx+0x22f/0x330 [be2net]\n be_poll+0x13c/0x370 [be2net]\n __napi_poll+0x2a/0x170\n net_rx_action+0x22f/0x2f0\n __do_softirq+0xca/0x2a8\n __irq_exit_rcu+0xc1/0xe0\n common_interrupt+0x83/0xa0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:29:00.333Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3de2a02b60a4ef0ab76263216f08c7d095fc7c42"
        },
        {
          "url": "https://git.kernel.org/stable/c/d417a859221f127e8edf09c14b76ab50f825e171"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ef0088e43af1de4e3b365218c4d3179d9a37eec"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fd90b86dff413fbf8128780c04ea9c6849c16e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d67c900f1947d64ba8a64f693504bcaab8d9000c"
        },
        {
          "url": "https://git.kernel.org/stable/c/93940fc4cb81840dc0fa202de48cccb949a0261d"
        },
        {
          "url": "https://git.kernel.org/stable/c/46bc359fec0c6d87b70d7a008bcd9a5e30dd6f27"
        },
        {
          "url": "https://git.kernel.org/stable/c/726e2c5929de841fdcef4e2bf995680688ae1b87"
        }
      ],
      "title": "veth: Ensure eth header is in skb\u0027s linear part",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49066",
    "datePublished": "2025-02-26T01:54:34.395Z",
    "dateReserved": "2025-02-26T01:49:39.244Z",
    "dateUpdated": "2025-05-04T08:29:00.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49066\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:00:43.820\",\"lastModified\":\"2025-10-14T19:01:51.153\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nveth: Ensure eth header is in skb\u0027s linear part\\n\\nAfter feeding a decapsulated packet to a veth device with act_mirred,\\nskb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),\\nwhich expects at least ETH_HLEN byte of linear data (as\\n__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes\\nunconditionally).\\n\\nUse pskb_may_pull() to ensure veth_xmit() respects this constraint.\\n\\nkernel BUG at include/linux/skbuff.h:2328!\\nRIP: 0010:eth_type_trans+0xcf/0x140\\nCall Trace:\\n \u003cIRQ\u003e\\n __dev_forward_skb2+0xe3/0x160\\n veth_xmit+0x6e/0x250 [veth]\\n dev_hard_start_xmit+0xc7/0x200\\n __dev_queue_xmit+0x47f/0x520\\n ? skb_ensure_writable+0x85/0xa0\\n ? skb_mpls_pop+0x98/0x1c0\\n tcf_mirred_act+0x442/0x47e [act_mirred]\\n tcf_action_exec+0x86/0x140\\n fl_classify+0x1d8/0x1e0 [cls_flower]\\n ? dma_pte_clear_level+0x129/0x1a0\\n ? dma_pte_clear_level+0x129/0x1a0\\n ? prb_fill_curr_block+0x2f/0xc0\\n ? skb_copy_bits+0x11a/0x220\\n __tcf_classify+0x58/0x110\\n tcf_classify_ingress+0x6b/0x140\\n __netif_receive_skb_core.constprop.0+0x47d/0xfd0\\n ? __iommu_dma_unmap_swiotlb+0x44/0x90\\n __netif_receive_skb_one_core+0x3d/0xa0\\n netif_receive_skb+0x116/0x170\\n be_process_rx+0x22f/0x330 [be2net]\\n be_poll+0x13c/0x370 [be2net]\\n __napi_poll+0x2a/0x170\\n net_rx_action+0x22f/0x2f0\\n __do_softirq+0xca/0x2a8\\n __irq_exit_rcu+0xc1/0xe0\\n common_interrupt+0x83/0xa0\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: veth: Asegurarse de que el encabezado eth est\u00e9 en la parte lineal de skb Despu\u00e9s de alimentar un paquete desencapsulado a un dispositivo veth con act_mirred, skb_headlen() puede ser 0. Pero veth_xmit() llama a __dev_forward_skb(), que espera al menos ETH_HLEN bytes de datos lineales (como __dev_forward_skb2() llama a eth_type_trans(), que extrae ETH_HLEN bytes incondicionalmente). Utilice pskb_may_pull() para asegurarse de que veth_xmit() respete esta restricci\u00f3n. \u00a1ERROR del kernel en include/linux/skbuff.h:2328! RIP: 0010:eth_type_trans+0xcf/0x140 Rastreo de llamadas:  __dev_forward_skb2+0xe3/0x160 veth_xmit+0x6e/0x250 [veth] dev_hard_start_xmit+0xc7/0x200 __dev_queue_xmit+0x47f/0x520 ? skb_ensure_writable+0x85/0xa0 ? skb_mpls_pop+0x98/0x1c0 tcf_mirred_act+0x442/0x47e [act_mirred] tcf_action_exec+0x86/0x140 fl_classify+0x1d8/0x1e0 [cls_flower] ? skb_copy_bits+0x11a/0x220 __tcf_classify+0x58/0x110 tcf_classify_ingress+0x6b/0x140 __netif_receive_skb_core.constprop.0+0x47d/0xfd0 ? __iommu_dma_unmap_swiotlb+0x44/0x90 __netif_receive_skb_one_core+0x3d/0xa0 netif_receive_skb+0x116/0x170 be_process_rx+0x22f/0x330 [be2net] be_poll+0x13c/0x370 [be2net] __napi_poll+0x2a/0x170 net_rx_action+0x22f/0x2f0 __do_softirq+0xca/0x2a8 __irq_exit_rcu+0xc1/0xe0 common_interrupt+0x83/0xa0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.24\",\"versionEndExcluding\":\"4.9.311\",\"matchCriteriaId\":\"03755CB2-5811-4C2A-9848-10A1F5F86F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.14.276\",\"matchCriteriaId\":\"6D9B028C-6313-47F9-94B7-5F8122345E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.239\",\"matchCriteriaId\":\"712D9B45-4B53-4563-94B5-F758AFBBFB0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.190\",\"matchCriteriaId\":\"E0ADBA6D-47D8-4518-8D10-9B9196DE680B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.112\",\"matchCriteriaId\":\"0460A5D2-3024-497A-B799-23E025B91972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.35\",\"matchCriteriaId\":\"05ABCC3F-88A9-47F9-9D40-8665747B2E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.17.4\",\"matchCriteriaId\":\"E22C86CB-06CD-4D16-AB2A-F21EE8199262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AD94161-84BB-42E6-9882-4FC0C42E9FC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AB06DDF-3C2B-416D-B448-E990D8FF67A9\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1ef0088e43af1de4e3b365218c4d3179d9a37eec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2fd90b86dff413fbf8128780c04ea9c6849c16e2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3de2a02b60a4ef0ab76263216f08c7d095fc7c42\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/46bc359fec0c6d87b70d7a008bcd9a5e30dd6f27\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/726e2c5929de841fdcef4e2bf995680688ae1b87\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93940fc4cb81840dc0fa202de48cccb949a0261d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d417a859221f127e8edf09c14b76ab50f825e171\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d67c900f1947d64ba8a64f693504bcaab8d9000c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…