CVE-2022-49013
21.10.2024, 20:15
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix memory leak in sctp_stream_outq_migrate()
When sctp_stream_outq_migrate() is called to release stream out resources,
the memory pointed to by prio_head in stream out is not released.
The memory leak information is as follows:
unreferenced object 0xffff88801fe79f80 (size 64):
comm "sctp_repo", pid 7957, jiffies 4294951704 (age 36.480s)
hex dump (first 32 bytes):
80 9f e7 1f 80 88 ff ff 80 9f e7 1f 80 88 ff ff ................
90 9f e7 1f 80 88 ff ff 90 9f e7 1f 80 88 ff ff ................
backtrace:
[<ffffffff81b215c6>] kmalloc_trace+0x26/0x60
[<ffffffff88ae517c>] sctp_sched_prio_set+0x4cc/0x770
[<ffffffff88ad64f2>] sctp_stream_init_ext+0xd2/0x1b0
[<ffffffff88aa2604>] sctp_sendmsg_to_asoc+0x1614/0x1a30
[<ffffffff88ab7ff1>] sctp_sendmsg+0xda1/0x1ef0
[<ffffffff87f765ed>] inet_sendmsg+0x9d/0xe0
[<ffffffff8754b5b3>] sock_sendmsg+0xd3/0x120
[<ffffffff8755446a>] __sys_sendto+0x23a/0x340
[<ffffffff87554651>] __x64_sys_sendto+0xe1/0x1b0
[<ffffffff89978b49>] do_syscall_64+0x39/0xb0
[<ffffffff89a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcdEnginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.15 ≤ 𝑥 < 5.4.226 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.158 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.82 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.0.12 |
| linux | linux_kernel | 6.1:rc1 |
| linux | linux_kernel | 6.1:rc2 |
| linux | linux_kernel | 6.1:rc3 |
| linux | linux_kernel | 6.1:rc4 |
| linux | linux_kernel | 6.1:rc5 |
| linux | linux_kernel | 6.1:rc6 |
| linux | linux_kernel | 6.1:rc7 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References