CVE-2022-48839

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc7-syzkaller-02396-g0b3660695e80

Description The vulnerability is related to a slab-out-of-bounds access in the packet recvmsg() function when an AF PACKET socket is using PACKET COPY THRESH and mmap operations. This can trigger a too big copy, potentially allowing an attacker to disclose sensitive information or cause a denial of service. The issue is caused by the tpacket rcv() function queueing skbs with garbage in skb->cb[]. To mitigate this, users of af packet using mmap() can clear 12 bytes that might be copied to user space later.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the slab-out-of-bounds access in packet recvmsg(). As a temporary workaround, consider disabling the use of mmap() with AF PACKET sockets or restricting access to the vulnerable function until a patch is available.