CVE-2022-49358

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: memleak flow rule from commit path

Abort path release flow rule object, however, commit path does not.
Update code to destroy these objects before releasing the transaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
5.3 ≤
𝑥
< 5.4.198
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.122
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.47
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.15
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.4
linuxlinux_kernel
5.19:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/330c0c6cd2150a2d7f47af16aa590078b0d2f736
https://git.kernel.org/stable/c/5b8d63489c3b701eb2a76f848ec94d8cbc9373b9
https://git.kernel.org/stable/c/80de9ea1f5b808a6601e91111fae601df2b26369
https://git.kernel.org/stable/c/9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3
https://git.kernel.org/stable/c/ab9f34a30c23f656e76f4c5b83125a4e7b53c86e
https://git.kernel.org/stable/c/e33d9bd563e71f6c6528b96008d65524a459c4dc