CVE-2022-49622
HIGH EPSS 14.3%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid skb access on nf_stolen When verdict is NF_STOLEN, the skb might have been freed. When tracing is enabled, this can result in a use-after-free: 1. access to skb->nf_trace 2. access to skb->mark 3. computation of trace id 4. dump of packet payload To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN. Avoid 2 by skipping skb->mark access if verdict is STOLEN. 3 is avoided by precomputing the trace id. Only dump the packet when verdict is not "STOLEN".
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
14.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 5
References 2
- git.kernel.org https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba
- git.kernel.org https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87
Remediation
- git.kernel.org https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba
- git.kernel.org https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87