CVE-2022-48809

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is a memory leak that occurs when uncloning an skb dst and its associated metadata in the Linux kernel. A new dst+metadata is allocated and later replaces the old one in the skb, which is helpful to have a non-shared dst+metadata attached to a specific skb. However, the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun dst unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. The fix involves removing the call to dst hold in tun dst unclone, as the dst+metadata refcount is already 1.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.