CVE-2022-48781

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc3-syzkaller-00316-gb81b1829e7e3

Description The vulnerability is related to the crypto: af alg module in the Linux kernel. The issue arises because the alg memory allocated field is not used, but the alg proto structure has a .memory allocated field without a corresponding .sysctl mem field. This leads to sk has account() returning true, but all sk prot mem limits() users triggering a NULL dereference. The problem occurred after the addition of SO RESERVE MEM. A general protection fault may occur due to a non-canonical address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.