CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-49808

In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba ("net: dsa: introduce tagger-owned storage for private and shared data"), we had a call to tag_ops->disconnect(dst) issued from dsa_tree_free(), which is called at tree teardown time. There were problems with connecting to a switch tree as a whole, so this got reworked to connecting to individual switches within the tree. In this process, tag_ops->disconnect(ds) was made to be called only from switch.c (cross-chip notifiers emitted as a result of dynamic tag proto changes), but the normal driver teardown code path wasn't replaced with anything. Solve this problem by adding a function that does the opposite of dsa_switch_setup_tag_protocol(), which is called from the equivalent spot in dsa_switch_teardown(). The positioning here also ensures that we won't have any use-after-free in tagging protocol (*rcv) ops, since the teardown sequence is as follows: dsa_tree_teardown -> dsa_tree_teardown_master -> dsa_master_teardown -> unsets master->dsa_ptr, making no further packets match the ETH_P_XDSA packet type handler -> dsa_tree_teardown_ports -> dsa_port_teardown -> dsa_slave_destroy -> unregisters DSA net devices, there is even a synchronize_net() in unregister_netdevice_many() -> dsa_tree_teardown_switches -> dsa_switch_teardown -> dsa_switch_teardown_tag_protocol -> finally frees the tagger-owned storage

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 3.6%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2022-49808

Linux » Linux Kernel » Version: 5.17

cpe:2.3:o:linux:linux_kernel:5.17
Linux » Linux Kernel » Version: 5.17.1

cpe:2.3:o:linux:linux_kernel:5.17.1
Linux » Linux Kernel » Version: 5.17.10

cpe:2.3:o:linux:linux_kernel:5.17.10
Linux » Linux Kernel » Version: 5.17.11

cpe:2.3:o:linux:linux_kernel:5.17.11
Linux » Linux Kernel » Version: 5.17.12

cpe:2.3:o:linux:linux_kernel:5.17.12
Linux » Linux Kernel » Version: 5.17.13

cpe:2.3:o:linux:linux_kernel:5.17.13
Linux » Linux Kernel » Version: 5.17.14

cpe:2.3:o:linux:linux_kernel:5.17.14
Linux » Linux Kernel » Version: 5.17.15

cpe:2.3:o:linux:linux_kernel:5.17.15
Linux » Linux Kernel » Version: 5.17.2

cpe:2.3:o:linux:linux_kernel:5.17.2
Linux » Linux Kernel » Version: 5.17.3

cpe:2.3:o:linux:linux_kernel:5.17.3
Linux » Linux Kernel » Version: 5.17.4

cpe:2.3:o:linux:linux_kernel:5.17.4
Linux » Linux Kernel » Version: 5.17.5

cpe:2.3:o:linux:linux_kernel:5.17.5
Linux » Linux Kernel » Version: 5.17.6

cpe:2.3:o:linux:linux_kernel:5.17.6
Linux » Linux Kernel » Version: 5.17.7

cpe:2.3:o:linux:linux_kernel:5.17.7
Linux » Linux Kernel » Version: 5.17.8

cpe:2.3:o:linux:linux_kernel:5.17.8
Linux » Linux Kernel » Version: 5.17.9

cpe:2.3:o:linux:linux_kernel:5.17.9
Linux » Linux Kernel » Version: 5.18

cpe:2.3:o:linux:linux_kernel:5.18
Linux » Linux Kernel » Version: 5.18.1

cpe:2.3:o:linux:linux_kernel:5.18.1
Linux » Linux Kernel » Version: 5.18.10

cpe:2.3:o:linux:linux_kernel:5.18.10
Linux » Linux Kernel » Version: 5.18.11

cpe:2.3:o:linux:linux_kernel:5.18.11
Linux » Linux Kernel » Version: 5.18.12

cpe:2.3:o:linux:linux_kernel:5.18.12
Linux » Linux Kernel » Version: 5.18.13

cpe:2.3:o:linux:linux_kernel:5.18.13
Linux » Linux Kernel » Version: 5.18.14

cpe:2.3:o:linux:linux_kernel:5.18.14
Linux » Linux Kernel » Version: 5.18.15

cpe:2.3:o:linux:linux_kernel:5.18.15
Linux » Linux Kernel » Version: 5.18.16

cpe:2.3:o:linux:linux_kernel:5.18.16
Linux » Linux Kernel » Version: 5.18.17

cpe:2.3:o:linux:linux_kernel:5.18.17
Linux » Linux Kernel » Version: 5.18.18

cpe:2.3:o:linux:linux_kernel:5.18.18
Linux » Linux Kernel » Version: 5.18.19

cpe:2.3:o:linux:linux_kernel:5.18.19
Linux » Linux Kernel » Version: 5.18.2

cpe:2.3:o:linux:linux_kernel:5.18.2
Linux » Linux Kernel » Version: 5.18.3

cpe:2.3:o:linux:linux_kernel:5.18.3
Linux » Linux Kernel » Version: 5.18.4

cpe:2.3:o:linux:linux_kernel:5.18.4
Linux » Linux Kernel » Version: 5.18.5

cpe:2.3:o:linux:linux_kernel:5.18.5
Linux » Linux Kernel » Version: 5.18.6

cpe:2.3:o:linux:linux_kernel:5.18.6
Linux » Linux Kernel » Version: 5.18.7

cpe:2.3:o:linux:linux_kernel:5.18.7
Linux » Linux Kernel » Version: 5.18.8

cpe:2.3:o:linux:linux_kernel:5.18.8
Linux » Linux Kernel » Version: 5.18.9

cpe:2.3:o:linux:linux_kernel:5.18.9
Linux » Linux Kernel » Version: 5.19

cpe:2.3:o:linux:linux_kernel:5.19
Linux » Linux Kernel » Version: 5.19.1

cpe:2.3:o:linux:linux_kernel:5.19.1
Linux » Linux Kernel » Version: 5.19.10

cpe:2.3:o:linux:linux_kernel:5.19.10
Linux » Linux Kernel » Version: 5.19.11

cpe:2.3:o:linux:linux_kernel:5.19.11
Linux » Linux Kernel » Version: 5.19.12

cpe:2.3:o:linux:linux_kernel:5.19.12
Linux » Linux Kernel » Version: 5.19.13

cpe:2.3:o:linux:linux_kernel:5.19.13
Linux » Linux Kernel » Version: 5.19.14

cpe:2.3:o:linux:linux_kernel:5.19.14
Linux » Linux Kernel » Version: 5.19.15

cpe:2.3:o:linux:linux_kernel:5.19.15
Linux » Linux Kernel » Version: 5.19.16

cpe:2.3:o:linux:linux_kernel:5.19.16
Linux » Linux Kernel » Version: 5.19.17

cpe:2.3:o:linux:linux_kernel:5.19.17
Linux » Linux Kernel » Version: 5.19.2

cpe:2.3:o:linux:linux_kernel:5.19.2
Linux » Linux Kernel » Version: 5.19.3

cpe:2.3:o:linux:linux_kernel:5.19.3
Linux » Linux Kernel » Version: 5.19.4

cpe:2.3:o:linux:linux_kernel:5.19.4
Linux » Linux Kernel » Version: 5.19.5

cpe:2.3:o:linux:linux_kernel:5.19.5
Linux » Linux Kernel » Version: 5.19.6

cpe:2.3:o:linux:linux_kernel:5.19.6
Linux » Linux Kernel » Version: 5.19.7

cpe:2.3:o:linux:linux_kernel:5.19.7
Linux » Linux Kernel » Version: 5.19.8

cpe:2.3:o:linux:linux_kernel:5.19.8
Linux » Linux Kernel » Version: 5.19.9

cpe:2.3:o:linux:linux_kernel:5.19.9
Linux » Linux Kernel » Version: 6.0

cpe:2.3:o:linux:linux_kernel:6.0
Linux » Linux Kernel » Version: 6.0.1

cpe:2.3:o:linux:linux_kernel:6.0.1
Linux » Linux Kernel » Version: 6.0.2

cpe:2.3:o:linux:linux_kernel:6.0.2
Linux » Linux Kernel » Version: 6.0.3

cpe:2.3:o:linux:linux_kernel:6.0.3
Linux » Linux Kernel » Version: 6.0.4

cpe:2.3:o:linux:linux_kernel:6.0.4
Linux » Linux Kernel » Version: 6.0.5

cpe:2.3:o:linux:linux_kernel:6.0.5
Linux » Linux Kernel » Version: 6.0.6

cpe:2.3:o:linux:linux_kernel:6.0.6
Linux » Linux Kernel » Version: 6.0.7

cpe:2.3:o:linux:linux_kernel:6.0.7
Linux » Linux Kernel » Version: 6.0.8

cpe:2.3:o:linux:linux_kernel:6.0.8
Linux » Linux Kernel » Version: 6.0.9

cpe:2.3:o:linux:linux_kernel:6.0.9
Linux » Linux Kernel » Version: 6.1

cpe:2.3:o:linux:linux_kernel:6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-49808

Products

Pricing

Contact Us