Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.33, < 4.9.335 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443Patch
- https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748Patch
- https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bdPatch
- https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260Patch
- https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de8e74ebdPatch
- https://git.kernel.org/stable/c/dcc14cfd7debe11b825cb077e75d91d2575b4cb8Patch
- https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64Patch
- https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbfPatch
FAQ
What is CVE-2022-49020?
CVE-2022-49020 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). ...
How severe is CVE-2022-49020?
CVE-2022-49020 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49020?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.