NVD Vulnerability Detail

CVE-2022-48958

Summary	In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only.
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, 12:01 p.m.
Last Update	Oct. 25, 2024, 5 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd	Patch
2	https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189	Patch
3	https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c	Patch
4	https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76	Patch
5	https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5	Patch
6	https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7	Patch
7	https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac25924a3307	Patch
8	https://git.kernel.org/stable/c/063a932b64db3317ec020c94466fe52923a15f60	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-401	有効期限後のメモリの解放の欠如	https://cwe.mitre.org/data/definitions/401.html

JVN Vulnerability Information

Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性

Title	Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性
Summary	Linux の Linux Kernel には、有効期限後のメモリの解放の欠如に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 7, 2022, midnight
Registration Date	Oct. 25, 2024, 2:25 p.m.
Last Update	Oct. 25, 2024, 2:25 p.m.

Affected System

Linux

Linux Kernel 2.6.34 以上 4.9.336 未満

Linux Kernel 4.10 以上 4.14.302 未満

Linux Kernel 4.15 以上 4.19.269 未満

Linux Kernel 4.20 以上 5.4.227 未満

Linux Kernel 5.11 以上 5.15.83 未満

Linux Kernel 5.16 以上 6.0.13 未満

Linux Kernel 5.5 以上 5.10.159 未満

Linux Kernel 6.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-48958	https://www.cve.org/CVERecord?id=CVE-2022-48958
National Vulnerability Database (NVD)
2	CVE-2022-48958	https://nvd.nist.gov/vuln/detail/CVE-2022-48958

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-401	https://cwe.mitre.org/data/definitions/401.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (063a932)	https://git.kernel.org/stable/c/063a932b64db3317ec020c94466fe52923a15f60
2	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (223654e)	https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd
3	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (87277bd)	https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5
4	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (99669d9)	https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76
5	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bfaa8f6)	https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c
6	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (c7adcbd)	https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7
7	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (cb1e293)	https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189
8	ethernet: aeroflex: fix potential skb leak in greth_init_rings() (dd62867)	https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac25924a3307
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月25日] 掲載	Oct. 25, 2024, 10:20 a.m.