CVE-2022-49561
medium
CVSS v3
—
CVSS v2
—
VIR risk
5.5
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-49561
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-49561.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2022:8267
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 5.18.2-1 |
| debian | bullseye | fixed | 5.10.120-1 |
| debian | forky | fixed | 5.18.2-1 |
| debian | sid | fixed | 5.18.2-1 |
| debian | trixie | fixed | 5.18.2-1 |
References
Verify integrity in audit chain (admin only). AS-IS.