CVE-2022-48912

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.1

Description A critical vulnerability in the Linux kernel has been resolved, affecting versions prior to 5.17.1. The vulnerability is related to a use-after-free issue in the nf register net hook() function, which can be exploited by attackers to compromise the confidentiality, integrity, and availability of protected information. The vulnerability is caused by dereferencing @new hooks after nf hook mutex has been released, allowing other threads to free the allocated hooks.

Recommendations To resolve this issue, upgrade to Linux kernel version 5.17.1 or later. As a temporary workaround, consider disabling the nf register net hook() function until a patch is available. Restrict access to the vulnerable netfilter module to minimize the risk of exploitation. Avoid using the nf hook entries get hook ops and hooks validate functions in the affected API endpoints until the issue is resolved.