CVE-2022-48910

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to the ipv6 component of the Linux kernel and is caused by a memory leak. When the network device is going down or IPv6 is disabled on the interface, the code for NETDEV DOWN is repeatedly called, including ipv6 mc down(), without calling the corresponding ipv6 mc up() in between. This causes a new entry in idev->mc tomb to be allocated for each multicast group the interface is subscribed to, leading to a memory leak. The vulnerability can be exploited by joining groups with IPV6 ADD MEMBERSHIP or setting the sysctl net.ipv6.conf.eth0.forwarding to 1.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.