CVE-2022-49013

MEDIUM EPSS 15.0%
Published Oct 21, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctp_stream_outq_migrate() When sctp_stream_outq_migrate() is called to release stream out resources, the memory pointed to by prio_head in stream out is not released. The memory leak information is as follows: unreferenced object 0xffff88801fe79f80 (size 64): comm "sctp_repo", pid 7957, jiffies 4294951704 (age 36.480s) hex dump (first 32 bytes): 80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff ................ 90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff ................ backtrace: [<ffffffff81b215c6>] kmalloc_trace+0x26/0x60 [<ffffffff88ae517c>] sctp_sched_prio_set+0x4cc/0x770 [<ffffffff88ad64f2>] sctp_stream_init_ext+0xd2/0x1b0 [<ffffffff88aa2604>] sctp_sendmsg_to_asoc+0x1614/0x1a30 [<ffffffff88ab7ff1>] sctp_sendmsg+0xda1/0x1ef0 [<ffffffff87f765ed>] inet_sendmsg+0x9d/0xe0 [<ffffffff8754b5b3>] sock_sendmsg+0xd3/0x120 [<ffffffff8755446a>] __sys_sendto+0x23a/0x340 [<ffffffff87554651>] __x64_sys_sendto+0xe1/0x1b0 [<ffffffff89978b49>] do_syscall_64+0x39/0xb0 [<ffffffff89a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥4.15  –  <5.4.226
linuxlinux_kernel*≥5.5  –  <5.10.158
linuxlinux_kernel*≥5.11  –  <5.15.82
linuxlinux_kernel*≥5.16  –  <6.0.12
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/0dfb9a566327182387c90100ea54d8426cee8c67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/176ee6c673ccd118e9392fd2dbb165423bdb99ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7555681e50bdebed2c40ff7404ee73c2e932993
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa20f88271259d42ebe66f0a8c4c20199e888c99
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0dfb9a566327182387c90100ea54d8426cee8c67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/176ee6c673ccd118e9392fd2dbb165423bdb99ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7555681e50bdebed2c40ff7404ee73c2e932993
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa20f88271259d42ebe66f0a8c4c20199e888c99
    Patch