ghsa-3hm2-vm5h-2p2m
Vulnerability from github
Published
2024-07-16 12:30
Modified
2024-07-16 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: at86rf230: Stop leaking skb's

Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure.

Free the skb structure upon error before returning when appropriate.

As the 'is_tx = 0' cannot be moved in the complete handler because of a possible race between the delay in switching to STATE_RX_AACK_ON and a new interrupt, we introduce an intermediate 'was_tx' boolean just for this purpose.

There is no Fixes tag applying here, many changes have been made on this area and the issue kind of always existed.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-48794"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:04Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: at86rf230: Stop leaking skb\u0027s\n\nUpon error the ieee802154_xmit_complete() helper is not called. Only\nieee802154_wake_queue() is called manually. In the Tx case we then leak\nthe skb structure.\n\nFree the skb structure upon error before returning when appropriate.\n\nAs the \u0027is_tx = 0\u0027 cannot be moved in the complete handler because of a\npossible race between the delay in switching to STATE_RX_AACK_ON and a\nnew interrupt, we introduce an intermediate \u0027was_tx\u0027 boolean just for\nthis purpose.\n\nThere is no Fixes tag applying here, many changes have been made on this\narea and the issue kind of always existed.",
  "id": "GHSA-3hm2-vm5h-2p2m",
  "modified": "2024-07-16T12:30:40Z",
  "published": "2024-07-16T12:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48794"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fd484644c68897c490a3307bfcc8bf767df5a43"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c72f04d52b7200bb83426a9bed378668271ea4a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23b2a25382400168427ea278f3d8bf4ecfd333bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/455ef08d6e5473526fa6763f75a93f7198206966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6312f6a53fd3ea38125dcaca5e3c9aa7d8a60cf7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af649e5c95f56df64363bc46f6746b87819f9c0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d2a1eaf51b7d4412319adb6acef114ba472d1692"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.