ghsa-rc8q-6743-jh4w
Vulnerability from github
Published
2025-05-01 15:31
Modified
2025-05-07 15:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

net: macvlan: fix memory leaks of macvlan_common_newlink

kmemleak reports memory leaks in macvlan_common_newlink, as follows:

ip link add link eth0 name .. type macvlan mode source macaddr add

kmemleak reports:

unreferenced object 0xffff8880109bb140 (size 64): comm "ip", pid 284, jiffies 4294986150 (age 430.108s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff ..........Z..... 80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b ..............kk backtrace: [] kmem_cache_alloc_trace+0x1c7/0x300 [] macvlan_hash_add_source+0x45/0xc0 [] macvlan_changelink_sources+0xd7/0x170 [] macvlan_common_newlink+0x38c/0x5a0 [] macvlan_newlink+0xe/0x20 [] __rtnl_newlink+0x7af/0xa50 [] rtnl_newlink+0x48/0x70 ...

In the scenario where the macvlan mode is configured as 'source', macvlan_changelink_sources() will be execured to reconfigure list of remote source mac addresses, at the same time, if register_netdevice() return an error, the resource generated by macvlan_changelink_sources() is not cleaned up.

Using this patch, in the case of an error, it will execute macvlan_flush_sources() to ensure that the resource is cleaned up.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macvlan: fix memory leaks of macvlan_common_newlink\n\nkmemleak reports memory leaks in macvlan_common_newlink, as follows:\n\n ip link add link eth0 name .. type macvlan mode source macaddr add\n \u003cMAC-ADDR\u003e\n\nkmemleak reports:\n\nunreferenced object 0xffff8880109bb140 (size 64):\n  comm \"ip\", pid 284, jiffies 4294986150 (age 430.108s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 b8 aa 5a 12 80 88 ff ff  ..........Z.....\n    80 1b fa 0d 80 88 ff ff 1e ff ac af c7 c1 6b 6b  ..............kk\n  backtrace:\n    [\u003cffffffff813e06a7\u003e] kmem_cache_alloc_trace+0x1c7/0x300\n    [\u003cffffffff81b66025\u003e] macvlan_hash_add_source+0x45/0xc0\n    [\u003cffffffff81b66a67\u003e] macvlan_changelink_sources+0xd7/0x170\n    [\u003cffffffff81b6775c\u003e] macvlan_common_newlink+0x38c/0x5a0\n    [\u003cffffffff81b6797e\u003e] macvlan_newlink+0xe/0x20\n    [\u003cffffffff81d97f8f\u003e] __rtnl_newlink+0x7af/0xa50\n    [\u003cffffffff81d98278\u003e] rtnl_newlink+0x48/0x70\n    ...\n\nIn the scenario where the macvlan mode is configured as \u0027source\u0027,\nmacvlan_changelink_sources() will be execured to reconfigure list of\nremote source mac addresses, at the same time, if register_netdevice()\nreturn an error, the resource generated by macvlan_changelink_sources()\nis not cleaned up.\n\nUsing this patch, in the case of an error, it will execute\nmacvlan_flush_sources() to ensure that the resource is cleaned up.",
  "id": "GHSA-rc8q-6743-jh4w",
  "modified": "2025-05-07T15:31:24Z",
  "published": "2025-05-01T15:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49853"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/21d3a8b6a1e39e7529ce9de07316ee13a63f305b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23569b5652ee8e8e55a12f7835f59af6f3cefc30"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/685e73e3f7a9fb75cbf049a9d0b7c45cc6b57b2e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/956e0216a19994443c90ba2ea6b0b284c9c4f9cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ea003c4671b2fc455320ecf6d4a43b0a3c1878a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f288e338be206713d79b29144c27fca4503c39b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a81b44d1df1f07f00c0dcc0a0b3d2fa24a46289e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8d67367ab33604326cc37ab44fd1801bf5691ba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.