CVE-2022-48933

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a memory leak in the netfilter component of the Linux kernel during the update of stateful objects. Stateful objects can be updated from the control plane, and the transaction logic allocates a temporary object for this purpose. However, the ->init function was called for this object, resulting in a memory leak when using kfree(). To fix this, the ->destroy function of the object should be called, which is done by nft obj destroy(). This function also decrements the module refcount, but the update path does not increment it. The solution involves doing module get for the update case and releasing it via nft obj destroy().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.