PT-2022-7677 · Linux+4 · Linux Kernel+4

Syzbot

·

Published

2022-12-07

·

Updated

2025-11-18

·

CVE-2022-48956

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc6-syzkaller-00012-g4312098baf37
Description The issue is related to a use-after-free vulnerability in the ip6 fragment() function in the Linux kernel's IPv6 implementation. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by the reuse of previously freed memory, which can lead to unintended behavior. The ip6 fragment() function is called by various parts of the IPv6 stack, including the UDP stack. The vulnerability can be triggered by sending specially crafted IPv6 packets to a vulnerable system.
Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the ip6 fragment() function until a patch is available. Restrict access to the vulnerable net/ipv6/ip6 output.c module to minimize the risk of exploitation. Avoid using the ip6 dst idev variable in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-1066
BDU:2024-09781
CVE-2022-48956
OESA-2024-2371
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4140-1
OPENSUSE-SU-2025_0098-1
OPENSUSE-SU-2025_0101-1
OPENSUSE-SU-2025_0105-1
OPENSUSE-SU-2025_0106-1
OPENSUSE-SU-2025_0107-1
OPENSUSE-SU-2025_0108-1
OPENSUSE-SU-2025_0109-1
OPENSUSE-SU-2025_0110-1
OPENSUSE-SU-2025_0111-1
OPENSUSE-SU-2025_0112-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0123-1
OPENSUSE-SU-2025_0124-1
OPENSUSE-SU-2025_0131-1
OPENSUSE-SU-2025_0132-1
OPENSUSE-SU-2025_0136-1
OPENSUSE-SU-2025_0137-1
OPENSUSE-SU-2025_0138-1
OPENSUSE-SU-2025_0146-1
OPENSUSE-SU-2025_0150-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0164-1
OPENSUSE-SU-2025_0172-1
OPENSUSE-SU-2025_0177-1
OPENSUSE-SU-2025_0180-1
OPENSUSE-SU-2025_0181-1
OPENSUSE-SU-2025_0185-1
OPENSUSE-SU-2025_0238-1
OPENSUSE-SU-2025_0239-1
OPENSUSE-SU-2025_0240-1
OPENSUSE-SU-2025_0243-1
OPENSUSE-SU-2025_0244-1
OPENSUSE-SU-2025_0245-1
OPENSUSE-SU-2025_0246-1
OPENSUSE-SU-2025_0248-1
OPENSUSE-SU-2025_0249-1
OPENSUSE-SU-2025_0251-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0254-1
OPENSUSE-SU-2025_0260-1
OPENSUSE-SU-2025_0261-1
OPENSUSE-SU-2025_0264-1
OPENSUSE-SU-2025_0266-1
SUSE-SU-2024:3983-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:4081-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4103-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4140-1
SUSE-SU-2024:4364-1
SUSE-SU-2025:0034-1
SUSE-SU-2025:0089-1
SUSE-SU-2025:0090-1
SUSE-SU-2025:0091-1
SUSE-SU-2025:0094-1
SUSE-SU-2025:0097-1
SUSE-SU-2025:0098-1
SUSE-SU-2025:0100-1
SUSE-SU-2025:0101-1
SUSE-SU-2025:0103-1
SUSE-SU-2025:0105-1
SUSE-SU-2025:0106-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0108-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0110-1
SUSE-SU-2025:0111-1
SUSE-SU-2025:0112-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0123-1
SUSE-SU-2025:0124-1
SUSE-SU-2025:0131-1
SUSE-SU-2025:0132-1
SUSE-SU-2025:0136-1
SUSE-SU-2025:0137-1
SUSE-SU-2025:0138-1
SUSE-SU-2025:0146-1
SUSE-SU-2025:0150-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0164-1
SUSE-SU-2025:0172-1
SUSE-SU-2025:0177-1
SUSE-SU-2025:0180-1
SUSE-SU-2025:0181-1
SUSE-SU-2025:0185-1
SUSE-SU-2025:0238-1
SUSE-SU-2025:0239-1
SUSE-SU-2025:0240-1
SUSE-SU-2025:0243-1
SUSE-SU-2025:0244-1
SUSE-SU-2025:0245-1
SUSE-SU-2025:0246-1
SUSE-SU-2025:0248-1
SUSE-SU-2025:0249-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0254-1
SUSE-SU-2025:0260-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0264-1
SUSE-SU-2025:0266-1
SUSE-SU-2025:4123-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Red Os
Suse