CVE-2022-49183
MEDIUM EPSS 15.8%
Published Feb 26, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_ct: fix ref leak when switching zones

When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns false and tcf_ct_flow_table_lookup() may simply overwrite it.

The fix is to, as the ct entry is not reusable, free it already at tcf_ct_skb_nfct_cached().
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
15.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 4
References 5
- git.kernel.org https://git.kernel.org/stable/c/4bb42d73def9411e5cad885b9811987d72431df1
- git.kernel.org https://git.kernel.org/stable/c/9222a08be539cbb7a8e0d46cbc7ab9e4db273eb8
- git.kernel.org https://git.kernel.org/stable/c/b24793a37d91aacad7cb9893b226a7924a89636a
- git.kernel.org https://git.kernel.org/stable/c/bcb74e132a76ce0502bb33d5b65533a4ed72d159
- git.kernel.org https://git.kernel.org/stable/c/bcbf4e5c3b5b373cd61528392dd1ec8e9c0fd33d
Remediation
- git.kernel.org https://git.kernel.org/stable/c/4bb42d73def9411e5cad885b9811987d72431df1
- git.kernel.org https://git.kernel.org/stable/c/b24793a37d91aacad7cb9893b226a7924a89636a
- git.kernel.org https://git.kernel.org/stable/c/bcb74e132a76ce0502bb33d5b65533a4ed72d159
- git.kernel.org https://git.kernel.org/stable/c/bcbf4e5c3b5b373cd61528392dd1ec8e9c0fd33d