Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct tun_file which can get destroyed before the netdev so we have to del them explicitly. The current code is missing deleting the NAPI if the queue was detached first.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.15, < 4.19.251 |
References
- https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2dbPatch
- https://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77cPatch
- https://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9Patch
- https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728Patch
- https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485dPatch
- https://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989Patch
FAQ
What is CVE-2022-49672?
CVE-2022-49672 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct...
How severe is CVE-2022-49672?
CVE-2022-49672 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49672?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.