CVE-2022-49917

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix WARNING in ip_vs_app_net_cleanup()

During the initialization of ip_vs_app_net_init(), if file ip_vs_app
fails to be created, the initialization is successful by default.
Therefore, the ip_vs_app file doesn't be found during the remove in
ip_vs_app_net_cleanup(). It will cause WRNING.

The following is the stack information:
name 'ip_vs_app'
WARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460
Modules linked in:
Workqueue: netns cleanup_net
RIP: 0010:remove_proc_entry+0x389/0x460
Call Trace:
<TASK>
ops_exit_list+0x125/0x170
cleanup_net+0x4ea/0xb00
process_one_work+0x9bf/0x1710
worker_thread+0x665/0x1080
kthread+0x2e4/0x3a0
ret_from_fork+0x1f/0x30
</TASK>
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
linuxlinux_kernel
2.6.24 ≤
𝑥
< 4.19.265
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.224
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.154
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.78
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.8
linuxlinux_kernel
6.1:rc1
linuxlinux_kernel
6.1:rc2
linuxlinux_kernel
6.1:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.135-1
fixed
trixie
6.12.22-1
fixed
sid
6.12.25-1
fixed
References
https://git.kernel.org/stable/c/06d7596d18725f1a93cf817662d36050e5afb989
https://git.kernel.org/stable/c/2c8d81bdb2684d53d6cedad7410ba4cf9090e343
https://git.kernel.org/stable/c/5663ed63adb9619c98ab7479aa4606fa9b7a548c
https://git.kernel.org/stable/c/8457a00c981fe1a799ce34123908856b0f5973b8
https://git.kernel.org/stable/c/97f872b00937f2689bff2dab4ad9ed259482840f
https://git.kernel.org/stable/c/adc76740ccd52e4a1d910767cd1223e134a7078b