Vlad Buslov

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is a memory leak that occurs when uncloning an skb dst and its associated metadata in the Linux kernel. A new dst+metadata is allocated and later replaces the old one in the skb, which is helpful to have a non-shared dst+metadata attached to a specific skb. However, the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun dst unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. The fix involves removing the call to dst hold in tun dst unclone, as the dst+metadata refcount is already 1. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.0-rc2+ **Description** The vulnerability is related to a use-after-free issue in the `fl walk` function of the Linux kernel's `cls flower` module. This issue occurs when a filter is deleted concurrently while the `fl walk` function is iterating over it, causing a use-after-free error. The vulnerability can be exploited by an attacker to potentially execute arbitrary code or cause a denial-of-service condition. The `fl walk` function has been refactored to use `idr for each entry continue ul` and to obtain an RCU read lock while iterating over the filters, which should prevent the use-after-free issue. The vulnerability has been identified through a KASAN (Kernel Address Sanitizer) trace. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 5.15.0-rc2+. As a temporary workaround, consider disabling the `fl walk` function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation. Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.